Malware Analysis Report

2025-01-03 09:54

Sample ID: 241103-wgwmrazflc
Target: Danger.rar
SHA256: 602d236401ea6b4d413bb1c89db0936d45b971d5e758ab959af93acdf6be0850
Tags: qr link, pyinstaller, discovery
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Behavioral analyses, each with Detonation Overview, Command Line, Signatures, Processes, Network and Files:

Analysis: behavioral8
Analysis: behavioral10
Analysis: behavioral11
Analysis: behavioral2
Analysis: behavioral3
Analysis: behavioral4
Analysis: behavioral5
Analysis: behavioral1
Analysis: behavioral6
Analysis: behavioral7
Analysis: behavioral9

Analysis Overview

Score: 7/10

SHA256

602d236401ea6b4d413bb1c89db0936d45b971d5e758ab959af93acdf6be0850

Threat Level: Shows suspicious behavior

The file Danger.rar was found to show suspicious behavior.

Malicious Activity Summary

Tags: qr link, pyinstaller, discovery

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

One or more HTTP URLs in qr code identified

Browser Information Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Opens file in notepad (likely ransom note)

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Delays execution with timeout.exe

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-03 17:54

Signatures

Detects Pyinstaller

pyinstaller
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

One or more HTTP URLs in qr code identified

qr link

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-03 17:54

Reported

2024-11-03 17:58

Platform

win11-20241007-en

Max time kernel

76s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Paypal_Cards.txt

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3608 wrote to memory of 4576 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE
PID 3608 wrote to memory of 4576 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Paypal_Cards.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Danger\Data\Paypal_Cards.txt

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-03 17:54

Reported

2024-11-03 18:02

Platform

win11-20241007-en

Max time kernel

100s

Max time network

205s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Danger\launcher.bat"

Signatures

Delays execution with timeout.exe

evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\timeout.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4468 wrote to memory of 2384 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\timeout.exe
PID 4468 wrote to memory of 2384 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\timeout.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Danger\launcher.bat"

C:\Windows\system32\timeout.exe

timeout 2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp (5 identical connections)

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-03 17:54

Reported

2024-11-03 18:04

Platform

win11-20241007-en

Max time kernel

335s

Max time network

345s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\requirements.txt

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1688 wrote to memory of 2876 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE
PID 1688 wrote to memory of 2876 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\requirements.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Danger\requirements.txt

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-03 17:54

Reported

2024-11-03 17:59

Platform

win11-20241007-en

Max time kernel

143s

Max time network

151s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\#44g.png

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\#44g.png

Network

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-03 17:54

Reported

2024-11-03 18:02

Platform

win11-20241007-en

Max time kernel

327s

Max time network

337s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe"

Signatures

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe | N/A (33 identical load events)

Processes

C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe

"C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe"

C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe

"C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mode 162,25

C:\Windows\system32\mode.com

mode 162,25

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI10682\setuptools-56.0.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI10682\python39.dll

MD5 5cd203d356a77646856341a0c9135fc6
SHA1 a1f4ac5cc2f5ecb075b3d0129e620784814a48f7
SHA256 a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a
SHA512 390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

C:\Users\Admin\AppData\Local\Temp\_MEI10682\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI10682\base_library.zip

MD5 846fa247f4d15a129d33f112ff46af2c
SHA1 75bd773e594de5b696d8c06c90b10421f8f60781
SHA256 fb44ead9d13642b3b41f042d6041732f715438a6d5788270f0e1d5a5f66ccf22
SHA512 46a466d950fdd309e66809048f07cfe5e6f9b8b0f33a98af3b0349a9a4b9ae512a4d5eb10a85704ceb308073392aac1e0646d5077213dab710653ba101b2ac3f

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_ctypes.pyd

MD5 6fe3827e6704443e588c2701568b5f89
SHA1 ac9325fd29dead82ccd30be3ee7ee91c3aaeb967
SHA256 73acf2e0e28040cd696255abd53caaa811470b17a07c7b4d5a94f346b7474391
SHA512 be2502c006a615df30e61bea138bd1afca30640f39522d18db94df293c71df0a86c88df5fd5d8407daf1ccea6fac012d086212a3b80b8c32ede33b937881533a

C:\Users\Admin\AppData\Local\Temp\_MEI10682\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI10682\select.pyd

MD5 0e3cf5d792a3f543be8bbc186b97a27a
SHA1 50f4c70fce31504c6b746a2c8d9754a16ebc8d5e
SHA256 c7ffae6dc927cf10ac5da08614912bb3ad8fc52aa0ef9bc376d831e72dd74460
SHA512 224b42e05b4dbdf7275ee7c5d3eb190024fc55e22e38bd189c1685efee2a3dd527c6dfcb2feeec525b8d6dc35aded1eac2423ed62bb2599bb6a9ea34e842c340

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_bz2.pyd

MD5 e91b4f8e1592da26bacaceb542a220a8
SHA1 5459d4c2147fa6db75211c3ec6166b869738bd38
SHA256 20895fa331712701ebfdbb9ab87e394309e910f1d782929fd65b59ed76d9c90f
SHA512 cb797fa758c65358e5b0fef739181f6b39e0629758a6f8d5c4bd7dc6422001769a19df0c746724fb2567a58708b18bbd098327bfbdf3378426049b113eb848e9

C:\Users\Admin\AppData\Local\Temp\_MEI10682\pyexpat.pyd

MD5 96d55e550eb6f991783ece2bca53583d
SHA1 7b46eaae4e499a1f6604d3c81a85a0b827cc0b9e
SHA256 f5d8188c6674cbd814abd1e0dd4e5a8bfadb28e31b5088ae6c4346473b03d17e
SHA512 254b926690a565bc31cae88183745397c99d00b5d5417ab517a8762c8874dff8fcc30a59bda1cd41b0e19e2d807ac417293a3a001005996a5d4db43b9b14d5eb

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_lzma.pyd

MD5 493c33ddf375b394b648c4283b326481
SHA1 59c87ee582ba550f064429cb26ad79622c594f08
SHA256 6384ded31408788d35a89dc3f7705ea2928f6bbdeb8b627f0d1b2d7b1ea13e16
SHA512 a4a83f04c7fc321796ce6a932d572dca1ad6ecefd31002320aeaa2453701ed49ef9f0d9ba91c969737565a6512b94fbb0311aee53d355345a03e98f43e6f98b2

C:\Users\Admin\AppData\Local\Temp\_MEI10682\tcl86t.dll

MD5 c0b23815701dbae2a359cb8adb9ae730
SHA1 5be6736b645ed12e97b9462b77e5a43482673d90
SHA256 f650d6bc321bcda3fc3ac3dec3ac4e473fb0b7b68b6c948581bcfc54653e6768
SHA512 ed60384e95be8ea5930994db8527168f78573f8a277f8d21c089f0018cd3b9906da764ed6fcc1bd4efad009557645e206fbb4e5baef9ab4b2e3c8bb5c3b5d725

C:\Users\Admin\AppData\Local\Temp\_MEI10682\PIL\_imaging.cp39-win_amd64.pyd

MD5 7bdda60c9136dfcef785132a0c77b193
SHA1 f6bcd152d638cf54767203edb238eef2993b98bd
SHA256 bec23da5408f0fff9fe31c0ba49f6cd305ab6e242c270305c904295e54e88266
SHA512 b2e3df1aefdf271e494c91a9fa19bf0dbf8696fe30e524827659198080467dc5dc5d4a2394f27cefd8bb9923ece8757ccedaae3b5f836d4175690f128032098d

C:\Users\Admin\AppData\Local\Temp\_MEI10682\tcl\encoding\cp1252.enc

MD5 5900f51fd8b5ff75e65594eb7dd50533
SHA1 2e21300e0bc8a847d0423671b08d3c65761ee172
SHA256 14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0
SHA512 ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

C:\Users\Admin\AppData\Local\Temp\_MEI10682\MSVCP140.dll

MD5 cb75d6437418afe1a7b52acf75730ff1
SHA1 54c2da9552671b161cc87eb50fbdb86319b00f56
SHA256 7c4ce9d6bfcd6d9db4eef4e75ecdcf5a8e5320106e80f1eca617439fa43f33e8
SHA512 f58abb740a30467e2d8aedd7eed357da020fdc7d966e245890d102a52e96fea296e122c1d2bc112423fc64b6f5e70b7df3f3eb7de1bf5c2f5f0eb3644f1e06d6

C:\Users\Admin\AppData\Local\Temp\_MEI10682\PIL\_imagingft.cp39-win_amd64.pyd

MD5 baa02aa14b1fb55c1c429b295a9f5113
SHA1 34bd3ad57f42769aaf42a4ea155091d0e1c5e87f
SHA256 726a3fa1c2f187805d7af8a4021b6c97cb843c1f8383adec5c3c4634592d2025
SHA512 0bdc0740a28c88afc0b873fe2fb446b302f346207b3a7cb009bf7a3ebe77bbe3de75d9be18676f8785238087c78fc4b3852edf8a21bb25a73ab8345f803727d9

C:\Users\Admin\AppData\Local\Temp\_MEI10682\VCRUNTIME140_1.dll

MD5 9cff894542dc399e0a46dee017331edf
SHA1 d1e889d22a5311bd518517537ca98b3520fc99ff
SHA256 b1d3b6b3cdeb5b7b8187767cd86100b76233e7bbb9acf56c64f8288f34b269ca
SHA512 ca254231f12bdfc300712a37d31777ff9d3aa990ccc129129fa724b034f3b59c88ed5006a5f057348fa09a7de4a0c2e0fb479ce06556e2059f919ddd037f239e

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_hashlib.pyd

MD5 7c69cb3cb3182a97e3e9a30d2241ebed
SHA1 1b8754ff57a14c32bcadc330d4880382c7fffc93
SHA256 12a84bacb071b1948a9f751ac8d0653ba71a8f6b217a69fe062608e532065c20
SHA512 96dbabbc6b98d473cbe06dcd296f6c6004c485e57ac5ba10560a377393875192b22df8a7103fe4a22795b8d81b8b0ae14ce7646262f87cb609b9e2590a93169e

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_ssl.pyd

MD5 34b1d4db44fc3b29e8a85dd01432535f
SHA1 3189c207370622c97c7c049c97262d59c6487983
SHA256 e4aa33b312cec5aa5a0b064557576844879e0dccc40047c9d0a769a1d03f03f6
SHA512 f5f3dcd48d01aa56bd0a11eee02c21546440a59791ced2f85cdac81da1848ef367a93ef4f10fa52331ee2edea93cbcc95a0f94c0ccefa5d19e04ae5013563aee

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_elementtree.pyd

MD5 37ce940391c061734bbb44f51725c502
SHA1 05f9ef31382524504a41b06ab1b14c94eb4acedb
SHA256 46e3e9e4dee333231d12381de9c0a7d44f877c0f8c0c48d49c78005f5aa237a6
SHA512 9e7d36da259acb56e03b6f4ca108b47ca0588b3333fba14f32e99cc1678f025a72b7729de0c09be22f5064303e2185a7477636786cbc7541000e6a6470947143

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_queue.pyd

MD5 103a38f7fbf0da48b8611af309188011
SHA1 1db9e2cb2a92243da12efdca617499eb93ddcbf8
SHA256 3bc50ac551635b9ce6fbcddea5d3d621c1216e49e9958fa24546ab8f6f2d111a
SHA512 2e6c4b9786034cbf6a6d94761ed31807657ee10edd679147c838a2e6e97a0c13acd6e59bc6e69edf1ca725f12e0f972a0de0ae4b331da46dccd687c59096a250

C:\Users\Admin\AppData\Local\Temp\_MEI10682\lxml\etree.cp39-win_amd64.pyd

MD5 ce13539dd689624aedf9949b5ad04a4d
SHA1 30ac4d8d2125d514c04b7bfd7fc6184b8c99dab1
SHA256 e9ad04d14fa84ccad696ea50bdcf420dc58b3ad15e2c47737dcb16b34a14da57
SHA512 81b2b465278a4ba9036cc12854b8e8cba1f31a3f8834b560a556034dfa761f847719e524e63d7e975a722f8f79034fa835123b616bad640de2f58f4b376ad21b

C:\Users\Admin\AppData\Local\Temp\_MEI10682\cryptography\hazmat\bindings\_rust.pyd

MD5 4da297b15026197ab45cb5eadd60d2df
SHA1 dac6196e00a505f79156975866c7ca9389ac07ee
SHA256 fdc01f1c3eb583f060c8cc2be5753da86b55c5672174ba2ee9876e1bbcd54856
SHA512 c3cc8ba8fead48a6d58bb8e35e9f2c656c2c3433e1bd8cd4eb8726e9e9644345bdd2599a95b82111cff6d9d74c48bc6db7e91594dd5bc92d865a104ececc2aec

C:\Users\Admin\AppData\Local\Temp\_MEI10682\cryptography\hazmat\bindings\_openssl.pyd

MD5 4c0ad2eb9d030a088d00e90d2c57cbe9
SHA1 83710a36227ce0a277094c902f15a8aa365cec18
SHA256 dec59340c5854502551980c0ff1e013897d68be237e7c38ba9ee80c96d3ef7cd
SHA512 018e7236f9fe76ef124ff0b65d8832c47480bd31b40f435163566706cafaa326b5b234024c08afe80262b87c00310dc6bfa175a36c9f9d0d9a77040998f72f73

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_cffi_backend.cp39-win_amd64.pyd

MD5 3d48e9bc9a3b68e816e1d0be284f2d3f
SHA1 410921af4383bdc898df691ea39e3e9f558c3d85
SHA256 88451f322707b22c43b36796c3711bace64f50ef7b22c94fbf29a04a2838e533
SHA512 829c0e0458f927ffd8e60194c5ef75c9e4f9da86d3fa7d7184715a869a2765b5e3a0d4263ab9acbbdb752f451acc87eb5a7b1d63712c67e21fcef8c228da3db3

C:\Users\Admin\AppData\Local\Temp\_MEI10682\bcrypt\_bcrypt.pyd

MD5 cf00c6c161757c4d8d22bf17454d81fc
SHA1 09e58262814824182bdf7d5a003add397fa1e8dd
SHA256 bc04e7527f98b38befb68e96fea1d25eb61e360398539d26d8cfcd7b910e0a61
SHA512 4a6aad3798a76c38d15ceebce147d4e0f9af231ec054cedab087f32f594768af6baddee0b8748c3f2cae820c863225ee3cc5e8df0f0fe0a9e05d95746a090e00

C:\Users\Admin\AppData\Local\Temp\_MEI10682\lxml\_elementpath.cp39-win_amd64.pyd

MD5 cdf12790ea7e452038c634d16a8018cf
SHA1 988a0d6ab1064c5bdc05e268424a194f1bfd3034
SHA256 78a6c7c21de5e1c6f4d47bdd7622ff7c904b25ee7ff93994dfda8c43fc610c07
SHA512 91ca1de9a5dfc793ed8ff80abc97020c522e5795ad02eb38c8ae38506539965c28b87a73b475951d668d5129c052dc5cca5a636e1257ebc1e4421df7c7e406b1

C:\Users\Admin\AppData\Local\Temp\_MEI10682\unicodedata.pyd

MD5 7af51031368619638cca688a7275db14
SHA1 64e2cc5ac5afe8a65af690047dc03858157e964c
SHA256 7f02a99a23cc3ff63ecb10ba6006e2da7bf685530bad43882ebf90d042b9eeb6
SHA512 fbde24501288ff9b06fc96faff5e7a1849765df239e816774c04a4a6ef54a0c641adf4325bfb116952082d3234baef12288174ad8c18b62407109f29aa5ab326

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_brotli.cp39-win_amd64.pyd

MD5 2c7528407abfd7c6ef08f7bcf2e88e21
SHA1 ee855c0cde407f9a26a9720419bf91d7f1f283a7
SHA256 093ab305d9780373c3c7d04d19244f5e48c48e71958963ceca6211d5017a4441
SHA512 93e7c12a6038778fcda30734d933b869f93e3b041bb6940852404641a599fe9c8ee1168a2e99dcfb624f84c306aff99757d17570febabc259908c8f6cda4dbea

C:\Users\Admin\AppData\Local\Temp\_MEI10682\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI10682\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI10682\tk86t.dll

MD5 fdc8a5d96f9576bd70aa1cadc2f21748
SHA1 bae145525a18ce7e5bc69c5f43c6044de7b6e004
SHA256 1a6d0871be2fa7153de22be008a20a5257b721657e6d4b24da8b1f940345d0d5
SHA512 816ada61c1fd941d10e6bb4350baa77f520e2476058249b269802be826bab294a9c18edc5d590f5ed6f8dafed502ab7ffb29db2f44292cb5bedf2f5fa609f49c

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_tkinter.pyd

MD5 0b6ec42276cbbf7aafcde5b0f72211f4
SHA1 2f9d09ab988a269c44df080224851dd880371d78
SHA256 ac4262aaa4689a0e08f6f03af3928491d023c8b65fcfbf6a030dd884f3900150
SHA512 265317961130c9cbee5ee6982d21446bc3ed3fd2a57bd6f60909e082c39f26b44b8a974430b4f841cdfaba4217a559568a009b996308ba4173d7fbe1c3fe8c15

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_socket.pyd

MD5 fd1cfe0f0023c5780247f11d8d2802c9
SHA1 5b29a3b4c6edb6fa176077e1f1432e3b0178f2bc
SHA256 258a5f0b4d362b2fed80b24eeabcb3cdd1602e32ff79d87225da6d15106b17a6
SHA512 b304a2e56829a557ec401c6fdda78d6d05b7495a610c1ed793d6b25fc5af891cb2a1581addb27ab5e2a6cb0be24d9678f67b97828015161bc875df9b7b5055ae

C:\Users\Admin\AppData\Local\Temp\_MEI10682\python3.dll

MD5 e438f5470c5c1cb5ddbe02b59e13ad2c
SHA1 ec58741bf0be7f97525f4b867869a3b536e68589
SHA256 1dc81d8066d44480163233f249468039d3de97e91937965e7a369ae1499013da
SHA512 bd8012b167dd37bd5b57521ca91ad2c9891a61866558f2cc8e80bb029d6f7d73c758fb5be7a181562640011e8b4b54afa3a12434ba00f445c1a87b52552429d3

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-03 17:54

Reported

2024-11-03 17:59

Platform

win11-20241007-en

Max time kernel

147s

Max time network

151s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\mainer.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\mainer.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-03 17:54

Reported

2024-11-03 17:58

Platform

win11-20241007-en

Max time kernel

90s

Max time network

97s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Amazon_Gift_Card.txt

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 5808 wrote to memory of 2608 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE
PID 5808 wrote to memory of 2608 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Amazon_Gift_Card.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Danger\Data\Amazon_Gift_Card.txt

Network

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-03 17:54

Reported

2024-11-03 18:25

Platform

win11-20241023-en

Max time kernel

1799s

Max time network

1802s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Danger.rar"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Desktop\Danger.exe | N/A (4 identical execution events)

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Desktop\Danger.exe | N/A (64 identical load events)

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133751307278895271" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Pictures" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000000d38ef0b5625db01e7230fb0192edb01e7230fb0192edb0114000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Pictures" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Pictures" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
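The BagMRU and Bags subkeys under Local Settings\Software\Microsoft\Windows\Shell are ShellBag view-state entries, and the ComDlg subkeys in particular are written by the common file dialog, so these rows record that chrome.exe showed an Open/Save dialog during detonation. BagMRU\1 and BagMRU\1\0 hold the ITEMIDLIST of the folder the dialog browsed to; BagMRU\1\0\NodeSlot = "2" points at Bags\2, whose SniffedFolderType = "Pictures" is the view template the dialog applied to that folder. The decoder below is an added example, not part of the sandbox report: it parses the two BagMRU blobs and the Sort value copied verbatim from the rows above. Its GUID and property tables are deliberately minimal (assumption: real tooling carries the full lists), and the 16 leading bytes of the Sort value are treated as reserved.

```python
"""Decode the ShellBag (BagMRU) blobs chrome.exe wrote in the rows above.

Added example, not part of the sandbox report. The hex values are copied from
the BagMRU\\1, BagMRU\\1\\0 and ComDlg Sort rows; the GUID/property tables are
a minimal subset that covers them (assumption: extend for real casework).
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

BAGMRU_1 = "14001f50e04fd020ea3a6910a2d808002b30309d0000"
BAGMRU_1_0 = (
    "3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000"
    "0d38ef0b5625db01e7230fb0192edb01e7230fb0192edb0114000000"
)
SORT_BLOB = "000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000"

KNOWN_GUIDS = {  # minimal table (assumption: extend for real casework)
    "20d04fe0-3aea-1069-a2d8-08002b30309d": "This PC",   # CLSID_MyComputer
    "b4bfcc3a-db2c-424c-b029-7fe99a87c641": "Desktop",   # FOLDERID_Desktop
}
KNOWN_PROPS = {("b725f130-47ef-101a-a5f1-02608c9eebac", 10): "System.ItemNameDisplay"}

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_shell_item(blob: bytes) -> dict:
    """One SHITEMID of the GUID-bearing kinds: 0x1F root folder, 0x2E known folder."""
    size, kind, sort_index = struct.unpack_from("<HBB", blob, 0)
    if kind not in (0x1F, 0x2E):
        raise ValueError(f"unsupported shell item type 0x{kind:02x}")
    guid = str(uuid.UUID(bytes_le=blob[4:20]))
    item = {"type": kind, "guid": guid, "name": KNOWN_GUIDS.get(guid, "{" + guid.upper() + "}")}
    if size > 20:  # an extension block follows the GUID
        ext_size, ext_version, signature = struct.unpack_from("<HHI", blob, 20)
        item["extension_signature"] = signature
        if signature == 0xBEEF0026:
            # 4 undocumented bytes, then created / modified / accessed FILETIMEs
            created, modified, accessed = struct.unpack_from("<QQQ", blob, 32)
            item.update(created=filetime_to_datetime(created),
                        modified=filetime_to_datetime(modified),
                        accessed=filetime_to_datetime(accessed))
    return item


def parse_itemidlist(hex_blob: str) -> list:
    """Walk size-prefixed shell items until the two-byte NUL terminator."""
    data = bytes.fromhex(hex_blob)
    items, offset = [], 0
    while offset + 2 <= len(data):
        size = struct.unpack_from("<H", data, offset)[0]
        if size == 0:
            break
        items.append(parse_shell_item(data[offset:offset + size]))
        offset += size
    return items


def bagmru_path(*hex_blobs: str) -> str:
    """BagMRU nests one ITEMIDLIST per key level (1, then 1\\0); join them as a path."""
    return "\\".join(item["name"] for blob in hex_blobs for item in parse_itemidlist(blob))


def parse_sort(hex_blob: str) -> list:
    """ComDlg Sort value: 16 bytes treated as reserved (assumption), a column count,
    then (FMTID, PID, direction) triples; direction 1 is ascending, -1 descending."""
    data = bytes.fromhex(hex_blob)
    count = struct.unpack_from("<I", data, 16)[0]
    columns, offset = [], 20
    for _ in range(count):
        fmtid = str(uuid.UUID(bytes_le=data[offset:offset + 16]))
        pid, direction = struct.unpack_from("<Ii", data, offset + 16)
        columns.append({"property": KNOWN_PROPS.get((fmtid, pid), f"{{{fmtid}}} {pid}"),
                        "direction": "ascending" if direction == 1 else "descending"})
        offset += 24
    return columns


if __name__ == "__main__":
    print("dialog folder:", bagmru_path(BAGMRU_1, BAGMRU_1_0))
    for key, value in parse_itemidlist(BAGMRU_1_0)[0].items():
        print(f"  {key}: {value}")
    print("sort:", parse_sort(SORT_BLOB))
```

Decoded, the dialog sat at This PC\Desktop, sorted by System.ItemNameDisplay ascending. The Desktop item's creation stamp is in October 2024 while its modified and accessed stamps are identical and fall on 2024-11-03, so the folder was touched while the dialog was open; that is the timeline anchor a forensic reviewer would pull from these rows.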

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A
Indicator and Target are both N/A: the sandbox recorded only that NOTEPAD.EXE was launched, not which file it opened, so the ransom-note reading is the signature's heuristic and is not corroborated by these rows.

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 (SeCreateSymbolicLinkPrivilege; LUID left unresolved by the sandbox) N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
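The sandbox prints privileges by name except where its lookup has no entry, which is why one 7zFM.exe row reads "Token: 35". The script below is an added example, not from the report: it parses rows in the format above, resolves bare LUID numbers through the winnt.h SE_* table, groups requests per process image and flags the privileges that let a process step outside its own security context. The sample rows are copied from the table above; the high-risk set is the editor's triage list, not anything the sandbox defines.

```python
"""Resolve and rank AdjustPrivilegeToken rows (added example, not part of the report).

Sample rows are copied from the signature table above. The LUID table is the
winnt.h SE_*_PRIVILEGE numbering; HIGH_RISK is the editor's triage list.
"""
import re
from collections import Counter, defaultdict

PRIVILEGE_LUIDS = {
    2: "SeCreateTokenPrivilege", 3: "SeAssignPrimaryTokenPrivilege", 4: "SeLockMemoryPrivilege",
    5: "SeIncreaseQuotaPrivilege", 6: "SeMachineAccountPrivilege", 7: "SeTcbPrivilege",
    8: "SeSecurityPrivilege", 9: "SeTakeOwnershipPrivilege", 10: "SeLoadDriverPrivilege",
    11: "SeSystemProfilePrivilege", 12: "SeSystemtimePrivilege", 13: "SeProfileSingleProcessPrivilege",
    14: "SeIncreaseBasePriorityPrivilege", 15: "SeCreatePagefilePrivilege", 16: "SeCreatePermanentPrivilege",
    17: "SeBackupPrivilege", 18: "SeRestorePrivilege", 19: "SeShutdownPrivilege", 20: "SeDebugPrivilege",
    21: "SeAuditPrivilege", 22: "SeSystemEnvironmentPrivilege", 23: "SeChangeNotifyPrivilege",
    24: "SeRemoteShutdownPrivilege", 25: "SeUndockPrivilege", 26: "SeSyncAgentPrivilege",
    27: "SeEnableDelegationPrivilege", 28: "SeManageVolumePrivilege", 29: "SeImpersonatePrivilege",
    30: "SeCreateGlobalPrivilege", 31: "SeTrustedCredManAccessPrivilege", 32: "SeRelabelPrivilege",
    33: "SeIncreaseWorkingSetPrivilege", 34: "SeTimeZonePrivilege", 35: "SeCreateSymbolicLinkPrivilege",
    36: "SeDelegateSessionUserImpersonatePrivilege",
}

# Editor's triage list: privileges that bypass ACLs, read/alter other processes or
# tokens, load kernel code, or clear the security log.
HIGH_RISK = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege", "SeBackupPrivilege",
    "SeRestorePrivilege", "SeTakeOwnershipPrivilege", "SeImpersonatePrivilege",
    "SeAssignPrimaryTokenPrivilege", "SeCreateTokenPrivilege", "SeRelabelPrivilege",
    "SeSecurityPrivilege",
}

# "Token: <priv> N/A <process> N/A", as the signature table prints it.
ROW = re.compile(r"^Token:\s+(\S+)\s+N/A\s+(.+?)\s+N/A$")

SAMPLE_ROWS = r"""
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
"""


def resolve_privilege(token: str) -> str:
    """Map a bare LUID number to its SE_* name; named privileges pass through."""
    if token.isdigit():
        return PRIVILEGE_LUIDS.get(int(token), f"UnknownPrivilege({token})")
    return token


def parse_rows(text: str) -> list:
    """Return (privilege, process) pairs for every row that matches the table format."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append((resolve_privilege(match.group(1)), match.group(2)))
    return rows


def summarize(rows) -> dict:
    """Per process image: request counts per privilege and the high-risk subset."""
    per_process = defaultdict(Counter)
    for privilege, process in rows:
        per_process[process][privilege] += 1
    return {
        process: {"requests": dict(counts),
                  "high_risk": sorted(p for p in counts if p in HIGH_RISK)}
        for process, counts in per_process.items()
    }


def processes_of_interest(summary: dict) -> list:
    """Images that asked for at least one high-risk privilege, most first."""
    return sorted((p for p, s in summary.items() if s["high_risk"]),
                  key=lambda p: (-len(summary[p]["high_risk"]), p))


if __name__ == "__main__":
    summary = summarize(parse_rows(SAMPLE_ROWS))
    for process in processes_of_interest(summary):
        print(process, "->", ", ".join(summary[process]["high_risk"]))
```

On the rows above this separates the two behaviours the signature lumps together: chrome.exe repeatedly toggles SeShutdownPrivilege and SeCreatePagefilePrivilege, neither of which is on the list, while 7zFM.exe asks for SeRestorePrivilege and SeSecurityPrivilege (plus the unresolved SeCreateSymbolicLinkPrivilege), which is what makes its rows worth a second look.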

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 240 wrote to memory of 2952 N/A C:\Users\Admin\Desktop\Danger.exe C:\Users\Admin\Desktop\Danger.exe
PID 240 wrote to memory of 2952 N/A C:\Users\Admin\Desktop\Danger.exe C:\Users\Admin\Desktop\Danger.exe
PID 2952 wrote to memory of 2872 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 2872 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 4000 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 4000 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 4000 wrote to memory of 3396 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\mode.com
PID 4000 wrote to memory of 3396 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\mode.com
PID 2952 wrote to memory of 1864 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 1864 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 2600 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 2600 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 3276 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 3276 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 5044 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 5044 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 972 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 972 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 1404 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 1404 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 1488 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 1488 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 4448 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 4448 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 3504 wrote to memory of 4732 N/A C:\Users\Admin\Desktop\Danger.exe C:\Users\Admin\Desktop\Danger.exe
PID 3504 wrote to memory of 4732 N/A C:\Users\Admin\Desktop\Danger.exe C:\Users\Admin\Desktop\Danger.exe
PID 4732 wrote to memory of 1548 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 4732 wrote to memory of 1548 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 4732 wrote to memory of 4476 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 4732 wrote to memory of 4476 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 4476 wrote to memory of 1360 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\mode.com
PID 4476 wrote to memory of 1360 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\mode.com
PID 4732 wrote to memory of 2676 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 4732 wrote to memory of 2676 N/A C:\Users\Admin\Desktop\Danger.exe C:\Windows\system32\cmd.exe
PID 1484 wrote to memory of 2812 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 2812 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1484 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Danger.rar"

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\launcher.bat

C:\Users\Admin\Desktop\Danger.exe

"C:\Users\Admin\Desktop\Danger.exe"

C:\Users\Admin\Desktop\Danger.exe

"C:\Users\Admin\Desktop\Danger.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mode 162,25

C:\Windows\system32\mode.com

mode 162,25

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Users\Admin\Desktop\Danger.exe

"C:\Users\Admin\Desktop\Danger.exe"

C:\Users\Admin\Desktop\Danger.exe

"C:\Users\Admin\Desktop\Danger.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mode 162,25

C:\Windows\system32\mode.com

mode 162,25

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4025cc40,0x7ffe4025cc4c,0x7ffe4025cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1968 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2164 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4088,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4432,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4744 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4920 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4632 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4736,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4644,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5272,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5196,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3176 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4480,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4252,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4536,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3140,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4668 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5408,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1128 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4516,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3728 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4328,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5220,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5540,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5560 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5664,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5436 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5188,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4324,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3344,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5812,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4768,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4668 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4464,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5908,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5404,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5952,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=4944,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=4460,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5868,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=3136,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4056 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=5972,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4528 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=4500,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3132 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=5804,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4924,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=5612,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4384 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=4372,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=2616,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe3d5e3cb8,0x7ffe3d5e3cc8,0x7ffe3d5e3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=5576,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=5336,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4496 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6284,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=3716,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=6416,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=6660,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6436 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=6532,i,16481003260764985449,8042166739618119271,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,122041016672551637,15959947089280824553,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4744 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
GB 172.217.16.238:443 images.google.co.uk udp
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 ogs.google.com udp
GB 142.250.178.14:443 ogs.google.com tcp
GB 142.250.178.14:443 ogs.google.com tcp
GB 172.217.16.227:443 ssl.gstatic.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
GB 216.58.201.110:443 consent.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk udp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk udp
GB 216.58.201.110:443 consent.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 lens.google.com udp
GB 142.250.200.14:443 lens.google.com tcp
GB 172.217.16.238:443 images.google.co.uk udp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.200.14:443 lens.google.com tcp
GB 142.250.200.14:443 lens.google.com tcp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.200.14:443 lens.google.com udp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.201.110:443 consent.google.co.uk tcp
GB 216.58.201.110:443 consent.google.co.uk tcp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
GB 142.250.200.14:443 google.com udp
GB 172.217.16.238:443 images.google.co.uk udp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
GB 172.217.16.238:443 images.google.co.uk udp
US 172.253.58.94:443 id.google.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
GB 142.250.178.14:443 ogs.google.co.uk tcp
GB 142.250.178.14:443 ogs.google.co.uk tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
GB 172.217.16.238:443 images.google.co.uk udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.200.3:443 google.co.uk tcp
GB 172.217.16.227:443 ssl.gstatic.com tcp
GB 142.250.200.3:443 google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 142.250.200.14:443 google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 142.250.200.3:443 google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.200.14:443 google.com tcp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
GB 172.217.16.238:443 images.google.co.uk udp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 142.250.187.202:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
GB 216.58.201.110:443 apis.google.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.180.4:443 www.google.com udp
US 172.253.58.94:443 id.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.180.4:443 www.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.178.14:443 ogs.google.co.uk tcp
GB 142.250.178.14:443 ogs.google.co.uk tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 216.58.212.202:443 ogads-pa.googleapis.com tcp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
GB 216.58.212.202:443 ogads-pa.googleapis.com tcp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.200.14:443 google.com tcp
GB 142.250.200.14:443 google.com tcp
GB 172.217.16.238:443 images.google.co.uk udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.16.238:443 images.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 142.250.200.14:443 google.com tcp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 142.250.200.14:443 google.com tcp
GB 172.217.16.238:443 images.google.co.uk tcp
GB 216.58.201.110:443 apis.google.com udp
GB 142.250.200.14:443 google.com tcp
GB 172.217.16.238:443 images.google.co.uk tcp
US 8.8.8.8:53 brave.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.200.3:443 google.co.uk tcp
GB 142.250.200.3:443 google.co.uk tcp
GB 18.239.236.32:443 brave.com tcp
US 8.8.8.8:53 32.236.239.18.in-addr.arpa udp
GB 172.217.16.238:443 images.google.co.uk udp
GB 142.250.187.227:80 www.gstatic.com tcp
GB 142.250.187.227:80 www.gstatic.com tcp
GB 172.217.16.238:443 images.google.co.uk udp
US 95.100.195.168:443 www.bing.com tcp
US 95.100.195.168:443 www.bing.com tcp
US 95.100.195.168:443 www.bing.com tcp
US 95.100.195.168:443 www.bing.com tcp
US 8.8.8.8:53 168.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 216.58.201.110:443 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
GB 216.58.201.110:443 apis.google.com tcp
US 95.100.195.168:443 www.bing.com tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 18.239.236.32:443 brave.com tcp
GB 18.239.236.32:443 brave.com tcp
GB 216.58.204.67:443 www.google.co.uk udp
GB 142.250.200.14:443 google.com tcp
GB 142.250.200.14:443 google.com tcp
GB 18.239.236.41:443 brave.com tcp
US 8.8.8.8:53 41.236.239.18.in-addr.arpa udp
US 8.8.8.8:53 lens.google.com udp
GB 142.250.200.3:443 google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 142.250.200.14:443 lens.google.com udp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com udp
GB 172.217.16.238:443 consent.google.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.18.27.76:443 www.bing.com tcp
GB 2.18.27.76:443 www.bing.com tcp
GB 2.18.27.76:443 www.bing.com tcp
GB 2.18.27.76:443 www.bing.com tcp
GB 2.18.27.82:443 www.bing.com tcp
GB 2.18.190.145:443 aefd.nelreports.net tcp
US 8.8.8.8:53 145.190.18.2.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
GB 142.250.187.195:443 www.google.co.uk udp
GB 142.250.200.14:443 google.com udp
GB 172.217.16.238:443 consent.google.com tcp
GB 172.217.16.238:443 consent.google.com udp
GB 172.217.16.238:443 consent.google.com udp
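Reading the table above: nearly every destination is Google or Microsoft infrastructure reached by the sandbox's own Chrome and Edge (web and image search, lens, consent, autofill, SmartScreen), which fits the "HTTP URL in QR code" signature causing a browser launch rather than the sample talking to its own server. The in-addr.arpa rows are reverse lookups of addresses already seen and add no new destination. What an analyst actually wants from a table this size is the short list of names that are neither DNS bookkeeping nor stock browser chatter. The script below is an added triage helper, not part of the report or of the sandbox's tooling; it parses rows in the report's own "Country Destination Domain Proto" layout, collapses them per domain, and buckets each one. The sample rows are a constructed subset copied from the table, and BROWSER_NOISE_SUFFIXES is the analyst's assumed allowlist, not something the report states.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied in the report's own layout (a subset, not
# the whole table). The header line is included to show it is skipped.
SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
N/A 224.0.0.251:5353 udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 brave.com udp
GB 18.239.236.32:443 brave.com tcp
GB 142.250.187.227:80 www.gstatic.com tcp
GB 2.18.190.145:443 aefd.nelreports.net tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
"""

# One row: country, ip:port, optional domain (absent for bare mDNS/IP rows), proto.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)

# ASSUMED allowlist of domains a stock Chrome/Edge install contacts on its own
# (search, autofill, safe browsing, telemetry). Analyst heuristic, not from the
# report; tune it to your sandbox image.
BROWSER_NOISE_SUFFIXES = (
    "google.com", "google.co.uk", "googleapis.com", "gstatic.com",
    "googlezip.net", "gvt2.com", "bing.com", "bing.net", "microsoft.com",
)

# When one name appears in several rows, keep the most interesting bucket.
CLASS_RANK = {"mdns": 0, "reverse-dns": 1, "dns-query": 2, "browser-noise": 3, "review": 4}


def parse_rows(text):
    """Parse the flattened table; raise on a row that does not fit the layout."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        rows.append(m.groupdict())
    return rows


def is_noise(domain):
    return any(domain == s or domain.endswith("." + s) for s in BROWSER_NOISE_SUFFIXES)


def classify(domain, ip, port):
    """Bucket one row: reverse-dns, mdns, browser-noise, dns-query or review."""
    if domain.endswith(".in-addr.arpa"):
        return "reverse-dns"
    if ip.startswith("224.0.0.") and port == "5353":
        return "mdns"
    if domain and is_noise(domain):
        return "browser-noise"
    if port == "53":
        return "dns-query"          # non-allowlisted name looked up; connection is a separate row
    return "review"


def summarize(text):
    """Collapse per-flow rows into one record per domain (or bare IP)."""
    agg = defaultdict(lambda: {"ips": set(), "ports": set(), "protos": set(), "count": 0})
    for r in parse_rows(text):
        domain = r["domain"] or ""
        rec = agg[domain or r["ip"]]
        rec["ips"].add(r["ip"])
        rec["ports"].add(r["port"])
        rec["protos"].add(r["proto"])
        rec["count"] += 1
        cls = classify(domain, r["ip"], r["port"])
        if CLASS_RANK[cls] >= CLASS_RANK.get(rec.get("class"), -1):
            rec["class"] = cls
    return dict(agg)


def needs_review(text):
    """Names that are neither DNS bookkeeping nor known browser chatter."""
    return sorted(k for k, v in summarize(text).items() if v["class"] in ("review", "dns-query"))


if __name__ == "__main__":
    for name, rec in sorted(summarize(SAMPLE_ROWS).items(), key=lambda kv: CLASS_RANK[kv[1]["class"]]):
        print(f"{rec['class']:<14} {name:<40} x{rec['count']} {sorted(rec['ips'])}")
    print("review:", needs_review(SAMPLE_ROWS))
```

A name landing in the review bucket is not a verdict; on this run it only means the sandbox's browser allowlist does not explain it, so it is the one to check against the QR-code URL and the launcher script by hand.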

Files

C:\Users\Admin\Desktop\launcher.bat

MD5 04e8287c402c73d3a848456f9b9395c0
SHA1 7325ddccc2e37414c881c3a29c4d44973009102b
SHA256 62a9ff24f0708441234eeeb85e730d87d7835d065dffc5f4aa7cf977653ec850
SHA512 ba1f67541bdec09dfbecf2f448b3fd1be9e27a8f9129327657adf7928879786acd0fdef04bc754ea33c66072418c0a2643edd046e0322d77d96533b078dfb687

C:\Users\Admin\AppData\Local\Temp\_MEI2402\setuptools-56.0.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI2402\python39.dll

MD5 5cd203d356a77646856341a0c9135fc6
SHA1 a1f4ac5cc2f5ecb075b3d0129e620784814a48f7
SHA256 a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a
SHA512 390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

C:\Users\Admin\AppData\Local\Temp\_MEI2402\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI2402\base_library.zip

MD5 846fa247f4d15a129d33f112ff46af2c
SHA1 75bd773e594de5b696d8c06c90b10421f8f60781
SHA256 fb44ead9d13642b3b41f042d6041732f715438a6d5788270f0e1d5a5f66ccf22
SHA512 46a466d950fdd309e66809048f07cfe5e6f9b8b0f33a98af3b0349a9a4b9ae512a4d5eb10a85704ceb308073392aac1e0646d5077213dab710653ba101b2ac3f

C:\Users\Admin\AppData\Local\Temp\_MEI2402\python3.DLL

MD5 e438f5470c5c1cb5ddbe02b59e13ad2c
SHA1 ec58741bf0be7f97525f4b867869a3b536e68589
SHA256 1dc81d8066d44480163233f249468039d3de97e91937965e7a369ae1499013da
SHA512 bd8012b167dd37bd5b57521ca91ad2c9891a61866558f2cc8e80bb029d6f7d73c758fb5be7a181562640011e8b4b54afa3a12434ba00f445c1a87b52552429d3

C:\Users\Admin\AppData\Local\Temp\_MEI2402\_ctypes.pyd

MD5 6fe3827e6704443e588c2701568b5f89
SHA1 ac9325fd29dead82ccd30be3ee7ee91c3aaeb967
SHA256 73acf2e0e28040cd696255abd53caaa811470b17a07c7b4d5a94f346b7474391
SHA512 be2502c006a615df30e61bea138bd1afca30640f39522d18db94df293c71df0a86c88df5fd5d8407daf1ccea6fac012d086212a3b80b8c32ede33b937881533a

C:\Users\Admin\AppData\Local\Temp\_MEI2402\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI2402\_socket.pyd

MD5 fd1cfe0f0023c5780247f11d8d2802c9
SHA1 5b29a3b4c6edb6fa176077e1f1432e3b0178f2bc
SHA256 258a5f0b4d362b2fed80b24eeabcb3cdd1602e32ff79d87225da6d15106b17a6
SHA512 b304a2e56829a557ec401c6fdda78d6d05b7495a610c1ed793d6b25fc5af891cb2a1581addb27ab5e2a6cb0be24d9678f67b97828015161bc875df9b7b5055ae

C:\Users\Admin\AppData\Local\Temp\_MEI2402\select.pyd

MD5 0e3cf5d792a3f543be8bbc186b97a27a
SHA1 50f4c70fce31504c6b746a2c8d9754a16ebc8d5e
SHA256 c7ffae6dc927cf10ac5da08614912bb3ad8fc52aa0ef9bc376d831e72dd74460
SHA512 224b42e05b4dbdf7275ee7c5d3eb190024fc55e22e38bd189c1685efee2a3dd527c6dfcb2feeec525b8d6dc35aded1eac2423ed62bb2599bb6a9ea34e842c340

C:\Users\Admin\AppData\Local\Temp\_MEI2402\_bz2.pyd

MD5 e91b4f8e1592da26bacaceb542a220a8
SHA1 5459d4c2147fa6db75211c3ec6166b869738bd38
SHA256 20895fa331712701ebfdbb9ab87e394309e910f1d782929fd65b59ed76d9c90f
SHA512 cb797fa758c65358e5b0fef739181f6b39e0629758a6f8d5c4bd7dc6422001769a19df0c746724fb2567a58708b18bbd098327bfbdf3378426049b113eb848e9

C:\Users\Admin\AppData\Local\Temp\_MEI2402\_lzma.pyd

MD5 493c33ddf375b394b648c4283b326481
SHA1 59c87ee582ba550f064429cb26ad79622c594f08
SHA256 6384ded31408788d35a89dc3f7705ea2928f6bbdeb8b627f0d1b2d7b1ea13e16
SHA512 a4a83f04c7fc321796ce6a932d572dca1ad6ecefd31002320aeaa2453701ed49ef9f0d9ba91c969737565a6512b94fbb0311aee53d355345a03e98f43e6f98b2

C:\Users\Admin\AppData\Local\Temp\_MEI2402\pyexpat.pyd

MD5 96d55e550eb6f991783ece2bca53583d
SHA1 7b46eaae4e499a1f6604d3c81a85a0b827cc0b9e
SHA256 f5d8188c6674cbd814abd1e0dd4e5a8bfadb28e31b5088ae6c4346473b03d17e
SHA512 254b926690a565bc31cae88183745397c99d00b5d5417ab517a8762c8874dff8fcc30a59bda1cd41b0e19e2d807ac417293a3a001005996a5d4db43b9b14d5eb

C:\Users\Admin\AppData\Local\Temp\_MEI2402\tcl86t.dll

MD5 c0b23815701dbae2a359cb8adb9ae730
SHA1 5be6736b645ed12e97b9462b77e5a43482673d90
SHA256 f650d6bc321bcda3fc3ac3dec3ac4e473fb0b7b68b6c948581bcfc54653e6768
SHA512 ed60384e95be8ea5930994db8527168f78573f8a277f8d21c089f0018cd3b9906da764ed6fcc1bd4efad009557645e206fbb4e5baef9ab4b2e3c8bb5c3b5d725

C:\Users\Admin\AppData\Local\Temp\_MEI2402\_tkinter.pyd

MD5 0b6ec42276cbbf7aafcde5b0f72211f4
SHA1 2f9d09ab988a269c44df080224851dd880371d78
SHA256 ac4262aaa4689a0e08f6f03af3928491d023c8b65fcfbf6a030dd884f3900150
SHA512 265317961130c9cbee5ee6982d21446bc3ed3fd2a57bd6f60909e082c39f26b44b8a974430b4f841cdfaba4217a559568a009b996308ba4173d7fbe1c3fe8c15

C:\Users\Admin\AppData\Local\Temp\_MEI2402\tk86t.dll

MD5 fdc8a5d96f9576bd70aa1cadc2f21748
SHA1 bae145525a18ce7e5bc69c5f43c6044de7b6e004
SHA256 1a6d0871be2fa7153de22be008a20a5257b721657e6d4b24da8b1f940345d0d5
SHA512 816ada61c1fd941d10e6bb4350baa77f520e2476058249b269802be826bab294a9c18edc5d590f5ed6f8dafed502ab7ffb29db2f44292cb5bedf2f5fa609f49c

C:\Users\Admin\AppData\Local\Temp\_MEI2402\tcl\encoding\cp1252.enc

MD5 5900f51fd8b5ff75e65594eb7dd50533
SHA1 2e21300e0bc8a847d0423671b08d3c65761ee172
SHA256 14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0
SHA512 ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

C:\Users\Admin\AppData\Local\Temp\_MEI2402\PIL\_imaging.cp39-win_amd64.pyd

MD5 7bdda60c9136dfcef785132a0c77b193
SHA1 f6bcd152d638cf54767203edb238eef2993b98bd
SHA256 bec23da5408f0fff9fe31c0ba49f6cd305ab6e242c270305c904295e54e88266
SHA512 b2e3df1aefdf271e494c91a9fa19bf0dbf8696fe30e524827659198080467dc5dc5d4a2394f27cefd8bb9923ece8757ccedaae3b5f836d4175690f128032098d

C:\Users\Admin\AppData\Local\Temp\_MEI2402\MSVCP140.dll

MD5 cb75d6437418afe1a7b52acf75730ff1
SHA1 54c2da9552671b161cc87eb50fbdb86319b00f56
SHA256 7c4ce9d6bfcd6d9db4eef4e75ecdcf5a8e5320106e80f1eca617439fa43f33e8
SHA512 f58abb740a30467e2d8aedd7eed357da020fdc7d966e245890d102a52e96fea296e122c1d2bc112423fc64b6f5e70b7df3f3eb7de1bf5c2f5f0eb3644f1e06d6

C:\Users\Admin\AppData\Local\Temp\_MEI2402\VCRUNTIME140_1.dll

MD5 9cff894542dc399e0a46dee017331edf
SHA1 d1e889d22a5311bd518517537ca98b3520fc99ff
SHA256 b1d3b6b3cdeb5b7b8187767cd86100b76233e7bbb9acf56c64f8288f34b269ca
SHA512 ca254231f12bdfc300712a37d31777ff9d3aa990ccc129129fa724b034f3b59c88ed5006a5f057348fa09a7de4a0c2e0fb479ce06556e2059f919ddd037f239e

C:\Users\Admin\AppData\Local\Temp\_MEI2402\PIL\_imagingft.cp39-win_amd64.pyd

MD5 baa02aa14b1fb55c1c429b295a9f5113
SHA1 34bd3ad57f42769aaf42a4ea155091d0e1c5e87f
SHA256 726a3fa1c2f187805d7af8a4021b6c97cb843c1f8383adec5c3c4634592d2025
SHA512 0bdc0740a28c88afc0b873fe2fb446b302f346207b3a7cb009bf7a3ebe77bbe3de75d9be18676f8785238087c78fc4b3852edf8a21bb25a73ab8345f803727d9

C:\Users\Admin\AppData\Local\Temp\_MEI2402\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI2402\_hashlib.pyd

MD5 7c69cb3cb3182a97e3e9a30d2241ebed
SHA1 1b8754ff57a14c32bcadc330d4880382c7fffc93
SHA256 12a84bacb071b1948a9f751ac8d0653ba71a8f6b217a69fe062608e532065c20
SHA512 96dbabbc6b98d473cbe06dcd296f6c6004c485e57ac5ba10560a377393875192b22df8a7103fe4a22795b8d81b8b0ae14ce7646262f87cb609b9e2590a93169e

C:\Users\Admin\AppData\Local\Temp\_MEI2402\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI2402\_elementtree.pyd

MD5 37ce940391c061734bbb44f51725c502
SHA1 05f9ef31382524504a41b06ab1b14c94eb4acedb
SHA256 46e3e9e4dee333231d12381de9c0a7d44f877c0f8c0c48d49c78005f5aa237a6
SHA512 9e7d36da259acb56e03b6f4ca108b47ca0588b3333fba14f32e99cc1678f025a72b7729de0c09be22f5064303e2185a7477636786cbc7541000e6a6470947143

C:\Users\Admin\AppData\Local\Temp\_MEI2402\_queue.pyd

MD5 103a38f7fbf0da48b8611af309188011
SHA1 1db9e2cb2a92243da12efdca617499eb93ddcbf8
SHA256 3bc50ac551635b9ce6fbcddea5d3d621c1216e49e9958fa24546ab8f6f2d111a
SHA512 2e6c4b9786034cbf6a6d94761ed31807657ee10edd679147c838a2e6e97a0c13acd6e59bc6e69edf1ca725f12e0f972a0de0ae4b331da46dccd687c59096a250

C:\Users\Admin\AppData\Local\Temp\_MEI2402\_brotli.cp39-win_amd64.pyd

MD5 2c7528407abfd7c6ef08f7bcf2e88e21
SHA1 ee855c0cde407f9a26a9720419bf91d7f1f283a7
SHA256 093ab305d9780373c3c7d04d19244f5e48c48e71958963ceca6211d5017a4441
SHA512 93e7c12a6038778fcda30734d933b869f93e3b041bb6940852404641a599fe9c8ee1168a2e99dcfb624f84c306aff99757d17570febabc259908c8f6cda4dbea

C:\Users\Admin\AppData\Local\Temp\_MEI2402\_ssl.pyd

MD5 34b1d4db44fc3b29e8a85dd01432535f
SHA1 3189c207370622c97c7c049c97262d59c6487983
SHA256 e4aa33b312cec5aa5a0b064557576844879e0dccc40047c9d0a769a1d03f03f6
SHA512 f5f3dcd48d01aa56bd0a11eee02c21546440a59791ced2f85cdac81da1848ef367a93ef4f10fa52331ee2edea93cbcc95a0f94c0ccefa5d19e04ae5013563aee

C:\Users\Admin\AppData\Local\Temp\_MEI2402\unicodedata.pyd

MD5 7af51031368619638cca688a7275db14
SHA1 64e2cc5ac5afe8a65af690047dc03858157e964c
SHA256 7f02a99a23cc3ff63ecb10ba6006e2da7bf685530bad43882ebf90d042b9eeb6
SHA512 fbde24501288ff9b06fc96faff5e7a1849765df239e816774c04a4a6ef54a0c641adf4325bfb116952082d3234baef12288174ad8c18b62407109f29aa5ab326

C:\Users\Admin\AppData\Local\Temp\_MEI2402\lxml\etree.cp39-win_amd64.pyd

MD5 ce13539dd689624aedf9949b5ad04a4d
SHA1 30ac4d8d2125d514c04b7bfd7fc6184b8c99dab1
SHA256 e9ad04d14fa84ccad696ea50bdcf420dc58b3ad15e2c47737dcb16b34a14da57
SHA512 81b2b465278a4ba9036cc12854b8e8cba1f31a3f8834b560a556034dfa761f847719e524e63d7e975a722f8f79034fa835123b616bad640de2f58f4b376ad21b

C:\Users\Admin\AppData\Local\Temp\_MEI2402\lxml\_elementpath.cp39-win_amd64.pyd

MD5 cdf12790ea7e452038c634d16a8018cf
SHA1 988a0d6ab1064c5bdc05e268424a194f1bfd3034
SHA256 78a6c7c21de5e1c6f4d47bdd7622ff7c904b25ee7ff93994dfda8c43fc610c07
SHA512 91ca1de9a5dfc793ed8ff80abc97020c522e5795ad02eb38c8ae38506539965c28b87a73b475951d668d5129c052dc5cca5a636e1257ebc1e4421df7c7e406b1

C:\Users\Admin\AppData\Local\Temp\_MEI2402\cryptography\hazmat\bindings\_rust.pyd

MD5 4da297b15026197ab45cb5eadd60d2df
SHA1 dac6196e00a505f79156975866c7ca9389ac07ee
SHA256 fdc01f1c3eb583f060c8cc2be5753da86b55c5672174ba2ee9876e1bbcd54856
SHA512 c3cc8ba8fead48a6d58bb8e35e9f2c656c2c3433e1bd8cd4eb8726e9e9644345bdd2599a95b82111cff6d9d74c48bc6db7e91594dd5bc92d865a104ececc2aec

C:\Users\Admin\AppData\Local\Temp\_MEI2402\bcrypt\_bcrypt.pyd

MD5 cf00c6c161757c4d8d22bf17454d81fc
SHA1 09e58262814824182bdf7d5a003add397fa1e8dd
SHA256 bc04e7527f98b38befb68e96fea1d25eb61e360398539d26d8cfcd7b910e0a61
SHA512 4a6aad3798a76c38d15ceebce147d4e0f9af231ec054cedab087f32f594768af6baddee0b8748c3f2cae820c863225ee3cc5e8df0f0fe0a9e05d95746a090e00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 3bea207fe75b71121b9c06b177fa7655
SHA1 5e06c13f0e02b609ab4331c33e0edb6699f0a203
SHA256 c26dd30d09f53ce82434e16909fdc396168e17c0806eb6d123e29ced73aab4af
SHA512 d5156fd833965356b36912fdbc1091cb791d200e8cce46ff48cd725a73deea5a21866d067f96570f4f28cf7a2fae42dfc86f201c89509684cf0387e1a19f13af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7c137e8634c03c5692bf1da394dc3593
SHA1 0508b0c43f406c075a64acf0ab02b745042bbae0
SHA256 21bdf1d1d54f51ff2e650a7f4a07d949f15d5b7d4743c8550472c5628fe5a2ae
SHA512 eef62e36f0ad4074b98235bdf87b33a6244b66aad8a1a7c6da9397a4021f92656030f7755813c3ce913565bfb8c5b9e2a0b1b2e48478de0e45c9bdc4101d2d59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8b6d1e84a46d4e38f91ee175cf2eb406
SHA1 d45145b19b98e64471dbf2d410147db7992f0674
SHA256 d5aa39bbba09fe1ab3725169872440c1fd7daecd2732c8b1aa989b7883ec9366
SHA512 dd63b79cc93c748ccbfaf1b2e2fdaef0759378a2dd9ff879b8bd5f39fa3573488d6ba06331176a2de4769ab6a0c71ec2cd531f0cb1581ab9ab964f81e5c663ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e781d15a4c83bb239d3864ddb845209e
SHA1 d4ddb2a50c736a4470799eb722153eb731c91fdb
SHA256 d579c6d621d58d957256060acc49d1b142fbb2e35c000faf2fabd737b9d61262
SHA512 d2832ed7963b69d7a30a40d2670e40df2f236fc69ccfa0b23c217db2977b58068c1a556eb256ee506df5ddda6b298b19bf82e918d80513e3e4129781ab03d2c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 6be1b4dd9491d4171455789d17aae5e0
SHA1 caef046f920b3522869d3fe0e946e9aac5795319
SHA256 8a39bd00ae5b6edb29a1a6297104f5f131a80bf5c3f6fb2d54c5d5bd9c59233a
SHA512 9ad9e78b56a499bd7473d23bea1c7b2d115f185fdc0ec6341e1849e0245ccd5e6926d747f15a5920fdfe6a1a477d2963023aede6b4151122d2839dd721736738

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d1846150af71fbe67da90789425b22bb
SHA1 66f37ed8cc9afcb1cdf931b36c89a4f2aaa91f4b
SHA256 635ab7b5d07520c5f5d2fce26fbb2704dc34fb80c1567e2474bfc140719e4a88
SHA512 7eceb5c91fcf1a9219eaa9cea28385c45d66b7ca296a739151d55f782b8f5fda7a7e825c253e57a4210a8aef9adcd7f248f0d00d228ecfb7f137bc64a335cd0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 40958af3d394d9ab3045e9c20527c580
SHA1 e15510deb62f9877717ba9c6e9f55341c19abd01
SHA256 1caa76625f1d4d53e0ab5f118a8b7112fafed73822b69e31c4f0d791a18eb352
SHA512 1fd06c4d3f5e4f0b4bd72ddfc7b1d41b6a009c53ea8598f5e724b9bd0059a1d022806fd9ce9789571a3e99fbabead4f7493755cffd1be3c877a4c519eec0998f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 da664c77ab1c2d67b007d529731be123
SHA1 e6bc7b075212127c73bf964eb461f707dfff81d2
SHA256 62273bb54065818e8ec47088a77c890891787681eeae58730a3c6b4912f5ea73
SHA512 4e447c01ae9ed5ebbf0ab131f84cefc3f9df053d7293debe4ff33327d09596c035a5b2d9730e2790c25b45a1a4b5f48e06dc880b0fae3d2e8c6da845fb294bde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 eebe582602ae2be027caa8a79bed4dec
SHA1 cbefd78bf0ded89adf9a0ea07bfaa48066c1b794
SHA256 1347807e55afdf76b8cbfc9a3d23cc3558b09eaabc59dc5c45e7193c5a7b9124
SHA512 273133a999dda58cc49b5832258828c470f287f4ad240d0a08685581deba82c26fc1b6f2acef678d374410aeec6c5389f933d6fac22b3026dd40370a0b08a9ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe99e7788cbf69ef5b61d2c57d0bca8e
SHA1 39743479a39b894e9fc5dca10fff73ddb3dfc552
SHA256 2e8e08657169903f58d9ed890b9b302167a057ea5f772f597aa6f4ec87946fe9
SHA512 9da8b7c6d561f9d99e4efcc717674db572c8a7f180d2026c7638170a1544572961722a7ec40cfc5fc8488206354a824f53f4310c5436465c014bc3da586bcfec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a180a038a6ae563c8c9ebca0067e6aa3
SHA1 d5c382b9463efeb3b72ddc9d34f81bf6fa8e3993
SHA256 123e46a2498c7a6b8198bf9b62a2335062e6a4f6e89fe93ca91b4a6b7100c1e3
SHA512 f4fc029a36ae70d5bf2a05d8dd4d066bda40d704806c0a83e5d3d9c036b51bc34f480229812db57abb731096ab043f00dd42f22a5a1daaa4309ff6aa2cd1dbd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8d7878750ab50fa975c98f5aa93f5db7
SHA1 5809fb0d4cd8e585e5e8ad146acc823acf8b6fcb
SHA256 99679c01b2b9ca0a9d1f7548e8a41e5d721ce0aa42a89f9f21d8ba4968f81b4c
SHA512 7ee94bc0ebe4d75a75e2ceb6b9cd859377956090228dd429b5090e2b5e9720f6c3a7e8fd389bc2d2aa4ee3585754156b32de0628889fbe4caa7ddbe347c4d83e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 bdc297bce0eaeac93ea64b22cc8539d0
SHA1 6e9f963ee9a9f3fe9b9879236796e41382db3ab7
SHA256 238d2ef131fdbfdaf56aec1e0ffeefed37c26c33b6e9c7b8757b74f164f7b489
SHA512 9d8e21a82c0c589cfac1214d2647f3cf580f97f45e5099ba578f3b1755d4c1dbb514936bbf49835fd76fa480865e49d7ef70fcb0e3ba62a20647421d11d1fe6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3ed8a0dfbb4ac9df364634782aa433ef
SHA1 d5c35c7053c5cd3ae9a9f5fe38b9ebdadb3ca589
SHA256 6e8f2c3e1ff7f4eea4a2b1e638d352dfcc566f151ee7b4f813903a8ba12efd87
SHA512 fd93e7ce23d833349e1b854cf8970b0c2b1067998ab454b042c5f7e57dea8f9740f88955fa165a0631f6a1a9715b657ecdadc033465f69d08213bfcd700e78ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 48f6f9fda7cce82cbc5dfbf3de66bcbd
SHA1 363daa4c7fdee049e0fe75f8e20d42f417305a19
SHA256 354ad2fdc36201f772b31cf08306023d196d7be93af67208d90bb3a8e31b1458
SHA512 826a1db15490d01f9c6723c5eb644a0f16ec3b7f47921dc63ed7908fba3334ee63cd8f5768ab7b2c850d0ba245ab336698baf88f6bbf2321a1e1c651f429bead

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 d4586933fabd5754ef925c6e940472f4
SHA1 a77f36a596ef86e1ad10444b2679e1531995b553
SHA256 6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2
SHA512 6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d105429345d34d015787f67b50d8f85a
SHA1 f7a75f77f0b99d02ef0cc476b1bcb395bd7b4357
SHA256 c033c670c9a66915adc997c013929aa6395ed319e51c6f80c367967a9d57b69c
SHA512 9dc4916f35e870a0df1dd94b43b1ed6b11519de9400cd89f95d678bdf654e3dc32f1279efb4057ac9a79701f9f95c5492503e801053b39194718c752cce4e96f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 25bff786321c287eeacb1c370b7febb4
SHA1 c74da57c2d6536c3d33ed5ead474365abb829469
SHA256 c853c4e7229ab44729cb47754ea08c40a92509113edd2e5f854329b10696f32d
SHA512 95971b78e4f6fa6d45635a6a8833d0bed688e8141120e4058ce12946aacfa6f6d2fb50ef047b4f9e3b53ada8a2e568d6bd1c98ef1cff8441ca64a5485a2f84b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 e5fc91cbce096df1d36191f9eedd3c64
SHA1 1a8076bf524b6d2b8a44c18fa8afb199a60dc1c9
SHA256 0e111dba5797ec182bf4af537a2c928ebd3957b99ed291610fbf322d6c2c9e19
SHA512 c9b064fbcb2df48dcf5bfa4387c164acb2bae075af013e6c39166dddc7e91ce993caaa0fdfac3ba1c3a12ca6c21577d99776fb1445f3009c7359b926a173f668

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 cfa7e74e6ab2535fba0bd8fb179db9c5
SHA1 e6c29594a3b464d5793760e6d6c6aa5d2285e964
SHA256 a9f716e2d3a4d5330d8bf01cc2341cacef1688d4197b6002cc8d8ff9d1443dcd
SHA512 5f090212f2baa9234d87c4926ab0399c49493077635478a62f896901e3ec636ff193bef9a53471efc9123473be93973159938eb71a329ac9d60334272e9b0f7a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 e6709b5b4df7e6c2acbe08d684ab278e
SHA1 87e37c9fb5e366ddb91e6294196d9e24b698781a
SHA256 dc41fe7e46b5cfd4e8b9a35b6be89c82745bf4bddc5f5f43b47145ce6a337264
SHA512 b08b7c812b406423b5480a1ded36769e4af7238be305f2dfbfbfe497a26c60d218b1c4f6631d046e92453ba912e1da7fcc08c5d96da805034156f054239f57b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4d1eeadde12f5e5616a874b407b6cef1
SHA1 04e713371d75be3be075a633446be51aa298410b
SHA256 d41bd05e4396e617a2c038d44a24dc2b3d3e58b16f363a4e0f7cd7dff7a5111f
SHA512 a5f19f12ab0f09bce5f965ea28fc9691ec0cec3d0890af2a017e9fbcf790cd6460b8419a7f1b432d27dc62c491e2eaddc7b126b96aeba26682ff00eff76d4f74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 86d8de6debe2553a83b46076899cdbc2
SHA1 931f79b791c242e07aac5684c157d895ba871544
SHA256 6b472b0d896a2c55868a2d7d66047448e9aac88993ed0f2c060e53c7a6e0ae76
SHA512 4763e4394c69a386d12e40258243de72fa98ad3540043e25f2da4a566ebd6e6fe76cfe92a31993db1e7dd2c7c52b34fa246c4cb84e64a2d39c3da50f09dd9561

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e23f3b7d0cd4d8c2053428f2e0798218
SHA1 4a25e5c03484509bafabc8299a20e84ed8fae01e
SHA256 f66a6cc1db394be10804e76b66bf25b803e13fdb3c4deec9fc02f0dc4f1ff248
SHA512 ef9857c35ad7747c04caac2cfa3cdd5f04ffdcd956ee05b9ba4143ce090b53b9a3d82664d767103a71d27e9d077aa2f0294c6ff82883efbceb4dc6ff6fe613a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 48b5d95261188c6b660c22d51e45ada7
SHA1 ed253855e2b69c5111a562abd9c05a1272bc805d
SHA256 0e6bb971c50c3fb0744f69d010e31918efc268573d7293743720356a58866838
SHA512 65ea822c400a70ae7ed99be0479cfd31401f36182a1fb2b37e2d39e4a9791a4c6ff867914412cab2908358b34d00dd6d05ae9a03987332c5f2c800004fac5d51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 61f790012b020c0e92bc5e1e0a124603
SHA1 4a3141392c247bf08fb36b9d48fd47dcfd635bcb
SHA256 11bda21a9ae06d1421ec728707647b4f557cd12eef114851e2f796ebb397603d
SHA512 5fe9852eab8145c8e7d7fb5e5c386fc08b54d2f69e74548cb4ccc74c894cec10a53be0bf4035b95fc2edbdb652f42f971bf730d8c5a434498ab8d0c00270b613

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

MD5 77013805b3ac7453ea899c4bb903c6a5
SHA1 7cea5d9ae82e0fb1b9b064240b8be90f1952c703
SHA256 1b2f053d26ae7a5571dc621b36b9eca2625e096e6d6524dcd8422adcb6514bf6
SHA512 ff966978a354df27b249a532fc2108c0037c33a4276cc12d445e7efc9467e0b2c0b409c69f88c25c7ac0a6f5245ba9afc468b8f700b78ff5e3a55e8c2f9fbb27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 17c21d5140f8238e283f0f627fd92af2
SHA1 5a13bf09425b8f6a45a483768a0bed91d20bfe9a
SHA256 f24f4214440fdea436ccfeeb6731c13431ea27a03ed1bd035d1a2d8cb93a40ab
SHA512 2108498b88c83e7c7115c8468323d5369f15117ed756d670999b6ba62d54b7e3afc70302d92cd83044e804326879fcc60919c92334739362ac2165c3c9276d13

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 77a17e4592384cb1f8294d4f2ff7086d
SHA1 1bbccb4570d6d63d18a381a8537d39f1630f67fd
SHA256 cd2abd352561ee7a0b6725b055d0ea62e6d108fd4cb800ae0e8dfb825f23bd2c
SHA512 823731ac0974fedecf9226a9c9149a1667a30a77373cd2bb0454eeee3bd456ce09c6f0c2a67b5ba5fe5f66bae13699a4619a29d8965df99df0b2362c995ff70b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

MD5 ad9a1cd24ba56c4e6009046b22b34a41
SHA1 0cb88a618d057c2c8aae81f2f34e3ca3c7d751fb
SHA256 202d4a887502bb7ce4eda105e317253ac27a49929d963949bcaa97dcc7af2a70
SHA512 438e59391afffaeba64c16f1070656e6cba4b13615b1f53c67acc45224cbd6dfc9f30657f7cab259a9b395978a89107a7e9d1d0fe1c68db5c0b9a50e39353c9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9e3c31a7dcea55d6_0

MD5 6a2e9d89c44cc1f51a57ff00df5afab3
SHA1 cffc9a7c68036012f3e10f5945f5428a2cf888b8
SHA256 e3cb9b6087df916288da323e3c7b1e078ff13f7c1e6f33f367ab3c6cb9901051
SHA512 c7c4fd7475914547a6b28c032709ffb60faff3904f97923ff87c0181fa0a8da21c144b5d5aaafd0b3cfc4e8d8c035f0e895ffc0b329a724f67cb11a49322ac71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\157ac5dc69855318_0

MD5 1f7f9a4ae565b84c00dc65aa26de23de
SHA1 5b6a56b975d94aa6b20b55193592bca326576d00
SHA256 e350fc3a34f82916ca9daa5da645256ac9d90d5e46b0ca7b590ef01b5890b319
SHA512 2ee801d1b0965bf6a1a92c041c7c184c9bc5106fb67b7bbe70e1e114e3d57d18e93ad53df5425e548103e0f4c2f3d21f3105c1414acb7a7b0dad5d58879e3913

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0166d18a353d8c474a845d6c5a8a1fea
SHA1 504f30640b16c9f57d842dcdbd2aff38054939ad
SHA256 7c2fd2361ff32a339d1957ae556b7afc5fa4045c90f6d27d2dc0526f541b20d8
SHA512 d9b65a1150eb68a0b3d46fdbc7852590b1588c4c0d8203edcbbe2b55c8630af626c9beed4b02c78e959d786b2e1d17e1b0e619452fed1f6ab942fe76ff92ab43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3ac70c4f69069cc2198b82c34b20f66a
SHA1 0e09c3f23f2d29cdc950bee634bb05dad6ec8b16
SHA256 a77ad408e2f500f74d2d7fe5d11958855eb1c99d9831c40f12b637f7ff1bc9de
SHA512 b63a4033eb61b2f35017e442fb40eab49da5c3d20a7938f5ba1359e45b7726970f7ed7f30425bcbe14abd97f05b343b5b0aeeb83dd24eb735526734d5036bb40

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 3f1d0ced84fdf349e4e9540f0ad26585
SHA1 7262dd7b742e801d8fa571e6e29fafa938ba3f10
SHA256 8fb742490af4831171559cec1e08116c53e5f12faea70477a8f466311448ab48
SHA512 4e37d1614229c977109c2c184bf9650a39b993b99a1942c9ee4e61bd865ff53ae28447c58d71e7d7d3d28c869a4842dbcb805c717a751a9ed5d8763c9bfd0dad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 98930e6294a406cee9c2be5e4f458914
SHA1 31e6890d925b79e00067a49db41578ffe42abc52
SHA256 5a927917cc166cd10f55de2d80944e4c69d917bac7876ec065d7806899e1d75c
SHA512 1ffed8057a0cb96b9a757606c5081d98f82f97bbe29c41ac9bf7e30dff8a35f686b373fb3b9204c4af6714dde0a9ab07e05036757b8eb67897bf29ba1ae53f98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f68b9f8c0db8c05ac784b66d1437bf63
SHA1 8bb12f8e8b185d66adc66a86db1f300344d2726c
SHA256 edece2983afd10a4063dfdeab36c437d1dc1446f70fa295a8000c51321f25c3b
SHA512 d7eac49e21d9e5351a168311d98cac5cdd15000b3560e2fb4982f62ea40e9fe55d404ceff5eb504a1addd5206aa8b0d2a47726d8c69b575930d50e6f7b6e4ead

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 44187ad67217d81c02ff03215abad7a2
SHA1 83ea8cfb6518d91443297a49b1e38619ad73dbd3
SHA256 1f1805154df2ade83869adce5810555453746d6d56ad4119bbe547c924fc2983
SHA512 8342383eb453702ddb1ff97d26ef8119feca0c6cbc41b4e8f71f3a1fe22519e93d1c719877b8c87695b114d047fe5506b7071303b4fd24696a9254bc7a8879ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8d5f21ab1f1a56ceeea7cd1d444f1c5d
SHA1 b8dd3f3757bfe92e792d5dda71f87959930d3589
SHA256 97ba26d9a95adb5961e6bd085bf482c4be86bbaee7221569a5fdcc80e52df3c8
SHA512 f1d57e6b85270acece566005c0ecf7cc40696f7a0c8d5ac32edf01c0a48b36725af7d96267a510b530cb0c1e352a5585cd4cb881a83017d0922e744b287f14ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8bbcd1f4d9baf42b1968624027a61d69
SHA1 cd9f850b9ce525b06ef49c630d01b1df9417d25a
SHA256 86c83fad0ef1febad879cf418b8f29cc5eb160ffade063decef705c3b5054607
SHA512 aae8fdb902654fb8074edc67a81dfb1d041ecd483a6ee37c298d5b25fe9d923cc5b95ba8c2b17f0a823294ba2e575859bb11a6c4178edac7e580877469f5e56a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dd6cdaa362b1d1788ea656855b825b83
SHA1 d756b5946d098758d9700754d6449fd939be7e93
SHA256 0c7c0107811a89681d25f9a511076864d6273cd2b8690b4d8c2fe8438e8b0d0a
SHA512 e467c987240c681706f1255fc7b6b04a6009aec59646af4020f74d3f49ea3b3061f1047a89992d164afcde9eed7a09fd2b9f29019dc46795d91c4b732f6207a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 be4fd139a05162eb9f7c173607a56406
SHA1 893387cd8fcade5c920b750ebcb2cadf4791660c
SHA256 c5322cf973065f3b30b83109867142793d37c51e23e5c876c4edeec56173d681
SHA512 5253f3407f7097c63078e77c63231b10db6b21b06688f25adfe719047f8f088c430df6e4434df9d5b1d919b75090d30a73b9c06758b455589389eef141806b01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 11d9ab5610474784b934cb5d73827079
SHA1 3bcfc48233adcdfc6dbd6d044775089eb1f906c7
SHA256 3216c4a56a93e15ab235e0e1540d883adac3ff6e8f2185270213eec5f3dd419c
SHA512 91c317d6097714341e1e2354a7b7d3b5677fb6c4b12e1ef55be6fb7751fbeaf41d45557b09d254aff231298a1676d2be1ddb78e336a65f3f798a59a7a0ccded7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2476c55d58ebef8754ea310c61faec2f
SHA1 2687c83847d317e21434f6d84091d08c959a1081
SHA256 4a55abdc66724a19ab42ccca844b39e72d3cebffbc34d39627b405898eac1333
SHA512 c259d92af4b953bd2f7ba9acb9822c191bf59cf8fb350b5ee1e6e2d65a19f725bef68fce0902301dfb69fd769f5cb84e359905d2fc2b248e64f25d2837113336

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7757c266dc05e18a34d95d7377a5de28
SHA1 8b24c91d5d2c409d29cd01f605d992a49e14d766
SHA256 64a6df9024626299e85b4a0a5a616673c30fab26118b6c56711b28fafdf89de2
SHA512 920ee145db1479812d4dcd66aa53cfdbec44040fad1aea1643eeb101b8634883cdf6d33f1531d5f0853124ccc29abac82bd05f3b7af53ba954da56d77c9a57d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ac6be3d4898e42df9947c5567695e521
SHA1 29a3e79e70675c7027455eaf6d7b8c752a016b88
SHA256 b6729b378587ef2acc6b7b6dc3c0f5adbd46180c78cb8486a1bb66e7bcbe053c
SHA512 c98db26eb23fb6059503058812b82d384c4764a26cc5d220a23a31e6781f390c37fcef7e0244a4368d8c89bab8ace28db080844208cd3c7c53f74a3193d6d2e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1f4b01df65a19dff6d5c26096c0a2229
SHA1 27a4a780cfe7f58d74fe459815f1b2c69c09eb73
SHA256 e7f84fca789e6aa61b3e7d3d5a18441a30905888775abd9136e52e12b94cc675
SHA512 25e72356f4f3a6bb47f2baf248373976ad66c3de19715f6d4629c9f6d86c899bff7dd6b27acb2e1917e3a8b8b9958097fb931f573f6c54c59143b926d6f51e43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee9f0d8246d3065df0c6a0cd4eab0155
SHA1 9b07126aebdb7893b334fc2806a2bc1725f2cfe6
SHA256 8a873cae18a599f3442ed0cb94afaedadeebea84a0a00ed2f83bb027ad3f2ec6
SHA512 f8467cd8a37e14991a270741c481e0c3dcb433fdadb8d9e276b5c924249288d262aaec8a371ffcdf1264e6bfc04ba6a8a1b516cbea8fdcac4ee4187b9471621d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ed5aed257b1dc243ee7ce6a8a2281e1c
SHA1 394574ecf58d3e96a8ffe9d1b67a21909e35f149
SHA256 dc6cec62ab2bc2b45667664c8f48effbf75ba812ba6bae160ba4d51b601f6273
SHA512 275c3ea192f74a04ff3acb58fe18b28bdae947b4091b21e95252e83deb5feb2bfe492be6ac0c6de4848bcec88d2517609efc57804b6e79f4ba5d25c7891c1cc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7bed1eca5620a49f52232fd55246d09a
SHA1 e429d9d401099a1917a6fb31ab2cf65fcee22030
SHA256 49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e
SHA512 afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5431d6602455a6db6e087223dd47f600
SHA1 27255756dfecd4e0afe4f1185e7708a3d07dea6e
SHA256 7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763
SHA512 868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 18da5e4c4ace17ced467a14d0f75e347
SHA1 625b05e82fe184ba00524c9dcb77c4f28d8d5a17
SHA256 e8316152334da116fee5c9ccb46e76062b835ce1cbc50a42b01304d36d8293e5
SHA512 9de2b4aa2e0b09b731288f427732e746f384f2f97cace06cfb5fd5c631804be577739e74b16b1ba96598a8d37d77f5ffe6d5b916316f265d9f01be2d62fc478b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8316ca6db3dd41a73fdd87f5ef1ab53d
SHA1 c322528f06e092732e1041565dff17d79fee2b27
SHA256 6d0f0b3ec4a7161f50b61d1198bf5daa3cb526a6d73ed05ea0e317736e8f81e2
SHA512 b644eeddc52f3de3642fb97f5999580eb2898d94f719f4359a0b6b40f1dbfaa99bc5c5f74e5dcf6f8ac8fc3c12963cea9639af5aa8dc93f26ffadbd19e7f2090

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7443457941114737a5ad3e002935373e
SHA1 dd2af1ba1da16775ba6f36aa10f90082dceb87e3
SHA256 51bf21a77bb389a9e13d448676f234f70636d9b55d8e648695f6a11dfd77062c
SHA512 9593e2dda571ab5536e7315d810f69abf9d9a4b6273b92ed7b1d0d5572b810ce0622192b970570ce2547daa46739bc7e68133bf1652691be3e6af76141622594

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9b6cc32f38b8a15c5b7fea20be012b78
SHA1 e1e5632a05c2bd442fd83b137c18c1cc3dd92181
SHA256 804b33e1b46ced541581f0ec90259b973a369b67d627729070e33cae391bb0a9
SHA512 2488e3dfe671255897232194bea9f623ccaf2085604a7ca2ace018cde681f07bc0237c932ad9c5fc924ca28c882d10fc70cf732add778a194be1e385392e4259

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f50e971af98af7d13aedc1bc29a2a939
SHA1 9d16ecc587d8febefba451a0b149cba924125259
SHA256 76e1e9f78035b52cfb39431789a3d2c8166d4dfc2425e5c3c2adf5fe91b11761
SHA512 10a498cbf6364af699eab73165bae1b7f0f5a2c1ac1bad052b87c102caedf5844bbe0626a6820877fce06a7d4b8bbb5a042c8f008a6859eb7de52a6d25e403ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 540c41802a2d92dda5219720464b4d8b
SHA1 d13ea0f98b0ed115043b5a76c6d9b019fac52421
SHA256 3a3850160583bc2b5c029424405a1d831b29e555a0691f3fe6051ff3ee208868
SHA512 705dbeea233067f78b8c92aa86dc9be2d4a8480ee97f68584aa5b814f4007ecca0680cf94b64f8a7a553e5dc40a5ce0729f3b4dc14ccf00fbfc62314886ebf20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0f67901ea1d6f33a5bb448a0084da82b
SHA1 6510e59ee9a47d753e8081ef58bd75823328b5ad
SHA256 a81ca70bd88f661d5f896988455480570242dbbd46d9921b822280a94d279de0
SHA512 ca03656fb6eaea2c89ec9baedb077264ed93f90599a245799217e9358575af36d0f59ab8c3a78d9949cb9ec8ffda10fbed36d7c9d3d3ac56c0c8fe38a148a7e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2386a5c6337db81144d3f4ba4282afd4
SHA1 87604061042efcb0089b64a42c697439a2ca867a
SHA256 ea43dbe406edd8b7df377875ddaa29febcda0a33b86182da22968e29ee48e14f
SHA512 5847c6c71e3cd03cbbeedc24f3c0ef9bff59a4053ed68a7d8571590cdb502323a46f69fe8544a08c8acb7b445fcd4ddbf95b5e7579ac55b9e246e036cb8dfd40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7362fa02f5984ae41a2653759d5bfb0d
SHA1 99ee543c5a172419b918db874bd6df3405dbfd26
SHA256 5a5c1e4c2ba1404fa2161d4f167be5a11b1d069dc9e43bd00543e07580846712
SHA512 f2884741daf7d7b82d5f27dba71e1566b179c16488bf807c94e335e269c9eeda145212f690120427c03d4f480f32686a9ca849e2f1070a761a66e7d04cd00f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f245e5cb7ad178e182f2a5ce6dda1523
SHA1 2ca7c9e632876700efbe576bafb2cf2d1fb27358
SHA256 14cb492b755242c8f8d0f90a64170685021793e67a40803b84482f20402841e9
SHA512 8c1bbce79d611b7ae96310e5ac027268476d2046545b980a57dc831dd4adec5100dc2b86d00e7e13dbb80022035f89f3b4d73ce7167aa8871a12c33f16b20dbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 73a8f58d7322cde0dc05f04f127b0647
SHA1 21d73e972ec12f7af33ef189d6107a5982f30c8e
SHA256 75845170cd8cca71cf7d7190b33d0ffa58f99235f51c70d22871367133ca1c92
SHA512 0945b82303240ddae11b5881537154b14fe45b7dde9830a21105880ba88f23925a48308b1ef9a4462293ff841a420587c5c0aca8492c3a91d6e2dfea3e5dd6cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 ad87e457254a0120f8b555d03f77221b
SHA1 971221e0efcdfb888ff6dac47d606e46183317f2
SHA256 7094f03503e8c5a0f6349c4b40008472a1cb749bb454b00159679e2a34dd7f76
SHA512 3cc6bfd4a4c871aff334c6745435612e79e54bf391a7f35db24765d900c6563f24011322a52684942fac410be7b8f0a5ee2f17ccefec606e611207e8cd2e76f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 fca3319350b61e7ef5e422ce8fb8ab3c
SHA1 52f3de3039eb29746a0ea416fa5437e53fc9d27d
SHA256 02485119ed6eff1f99a72cf0730cc782acf04fad4608d80f2b4958bad93f1892
SHA512 a3f1c75302c9621a220f0ca735cb749887f4b3e018381ae94fe14ef4f09e76ce9fa193e1e343de17d3eac3d412a9d489043981e8d4537eaac43090830bccb01a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ca4a0ca4e8750e0b5972a68af310af04
SHA1 644d8ded508cf9927f998ca7c5aace66fee0dddf
SHA256 be0f50c383f4a816436203456d9c420452216455cf902af4b1faabbe990bef78
SHA512 3fb6b49c33c31b133bcef69ff8abd674d0c81e15a00e1cf66ff02a5fbe5d40b53b43ea1e5fc2a9aeaebbc4312dd065b341934554e4b6055ed50822b4e9f10af3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

MD5 8fd5340634c91b71b46aea69002993dd
SHA1 f4a5f65cc42e0d6f5b9ecaff97ba55ec3412e4d4
SHA256 8a5aef9e84839582835976341c1ac86295fdd21c9fe27bc0d1b398546afb68a2
SHA512 7934b96c6658683417b356caf9985002cb01d4e47f516f897814ae60a56dff361b835523afdacd6ebc87bf8c758b94b8bb5822328b02c3b2c8d21206640db6ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 3940148bb31c739fe5a813002002bb78
SHA1 8c934f084062d305772a6643a8610c3a4587f95b
SHA256 b23186f7aebb73adbbc3edab05170def7edd8081ef6cbf4c802db559f5a8d538
SHA512 feb308a2c3f1263afeb806eb34e0dd986f735ed08bea4e2692ab73c3c8b52907d2947d6cefe259888dae95e86d3c7ae0dc3b38777b94cf73e326ec5b5df1a6be

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 7646add3c327702bfc89e5bb1f1be700
SHA1 a894f4340af97ed21d9e082fc3d107f4b23b9f33
SHA256 4401edb6db72c02efae90ac32b2a7ef336a0df06a639eab2aba54c8905e59a2e
SHA512 84af31ef0ed104115c5091528c3267f6c53ef8dc4e0fb51ce72a8760facccb12fcc731de941eaaaed2c9aedc995df3111bdb0faf527f0c6ba6014599773fd5c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 993ec406c7501467ee37665803ac3ef1
SHA1 3075118ab6ea1bfd2b24a623edf1b1c09c8d82ff
SHA256 464f60887e2c3e8a4c6b028aa31339b4e9bf7e9e4fc47a122cdca6a76ced7452
SHA512 a56d922efdcde387cf09b5e5eaf6a3fd903bcb7c6202c67b989d5fe00f961442cb706f71094824a33211cf91616b4f4ff4f0934bcc20fc308758a99de08e9cbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0f8c03578414dc19a5bb2bfb311e890c
SHA1 dea1da10a168ba6b068a61d0ecb71753fc3bdf4c
SHA256 51387fae7c3e948691041b8494ab53bb16d7be086f8e38b44fbbb9032e306afb
SHA512 0e7166fd7061fc57f43f13de910ba3d5b28ae84195c4e29ae5e88c397d644b3b42ddeb4a33fac0d1daf57595fddafe53f122a8f3e0ffdb22f035435d53177f38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2433b28c7f57cab06322cd26aaac4b46
SHA1 0334ab0ae8e85c996295fb941a1e98b6b461a7eb
SHA256 13614c986962d1e63126cef01a10660837152e1a82c1076350cbd7663fc93d1f
SHA512 1b842c27c0d7e7f10b4cd0bb60f233563ca11de99cfe4f770d0295baba5754ee7e08919231cc3a2beb3955249557e3d381ecad44893d6a5b9fa83493b98b6cc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d716207f0af537a948e24fdcd70768c5
SHA1 b48d5cd502d4d6fcd47599f339e958818a1fbd67
SHA256 a25e326f43bb4f15153487f4b4e77f0107c44030f4a6a597214db5d49b6050b1
SHA512 8bb5478f5c5d04941001338035cdcaa45167b0fc03190c635cb7736e963115f85ef126279e6e7881c2482d74dcb9dc968e720e6e6675faf04b69c6e3b04d0d6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 00a455d9d155394bfb4b52258c97c5e5
SHA1 2761d0c955353e1982a588a3df78f2744cfaa9df
SHA256 45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed
SHA512 9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 697f44add674d0ae0f269a4994feda65
SHA1 597a39668b612f119e23e6c951440ec460169dff
SHA256 d73c98741f10926fbe8373d78bdcbf0d7b1845e0b9b9fd016ed0a7366c06ecad
SHA512 435ee430feb669627cf469ffa8bd7f079cbf826f3299efaedff56d110bd37b95edadf6a9afe5fc36c015b74441ca30f4de2e3a48cb590d19e30e939d86fb75a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 603d7e7653eee2d781664eddd6e21806
SHA1 1f10b79460ff77ca184c686695e9c259c13cb0d1
SHA256 bf3750993a141f0ab29617d144a9e3e3d8cad2c33f5247ca2b8b32300794ab65
SHA512 69e609397da3f2e2cc6ca6cd452fa56da21dbc8723f5c97c577ef69cb3c2098400038b34f6235374b93ce1d775c936e5a46974f7a03b668083845ec0d63752a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 04f690c364764ea47721f7253a3d12e7
SHA1 c3f62ecb7cede2a36ee778a2e16de8d51412d2fc
SHA256 a1da115a0c85b0cde5e9546446eb22d11612afa5fffbdbc9d9d60f997503d768
SHA512 6836123f60fd31cb2eaa28d1b99a7703a782fc7fcb237a984feb80d5b7481634c93bd482d047dcceffa2d0313ef3aab7a4cc5d5fc4c9ae768f75d15343987eb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 df5c5dcfa89cede4e09aa510077b7e8e
SHA1 ab2ea9598c9207c3f3a3fb310574ec702894d230
SHA256 c688544af02e46347f1212427ffbc0227392f14a9ca5a1c85f9a3142f75acf2b
SHA512 75989608f6d798328c15f994cc7ad76bbdb1bc2b2e8ca5d3e88171d61888bc9f14461f2214c298b97b0883599cc16394fe99d8d800f6513f39bd4dca16df8738

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0bc59f994d9be196ecfe349279f07d07
SHA1 732a80daf2c2b740965a478d3c6ccaea29955462
SHA256 8759a34b5a0db5e6073a9236ab37daa506fa7198dab6dcf6606a911b64a25746
SHA512 dd1dfe5c3f96d4b3608649e049dff483d86158a0208387bf0fbac236b6f1b282700c6603cc7e45d6160c7a6c853216e9ede9a3d03f513c6f70a8b6182f9fb587

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bdd9a5bfdb536f4d12e802587410114b
SHA1 450ceb49bcb2e64a06300443bf8616d3d401fa53
SHA256 7dd7b2b9b5ce5dea878be5152099c827e9c6fa5933b8d86fbde8750b6deab0a2
SHA512 5ef80c64e4db48f503b42089ba099049b5b4448a0baaa703e9f8edc0e750b48bdf0e05256c6876a9b4c5087a6716b6c6f09593c2d4e6c94575eeae606c283cc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 69bf62eb83641f2c5ab600aa436d3818
SHA1 affbc45be97efe384aac7df9b2b524161f861a0f
SHA256 481f81f94f470be818d2a9bcfd92532e7e5dd029f2f5308988d0ab2da8428536
SHA512 c347626298ba5011392a2e360b0b8de4ea9cc0700ff42aaa54c2f858312c2fa4168c24ccda5f17d235e87a46f52dff378abf43d5bdf242d6265a968cc0fa1af1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 330e382b3a2ceef156ec08fbd095809d
SHA1 1d91890945800a31e0a93af22001c5ce772bc54e
SHA256 7637aeeb3ebcee409816dc0a234e83f91de3f3e98cc42844713d46a7f149b1f1
SHA512 731ed7482d7b80feea306ba33445b84730d5f6d816a9a74713e9248eb623426d1c7b5cc39653d2d9f90539a8bbf7c43f2dca8c2cbc450220ffb1cee6e4b7dcc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 14829421b7dcef3ba67f7a9a3af4eb93
SHA1 0ec21b49090e457dc02781e41e043a7aa936576c
SHA256 5a778d4ab6360803e17e742f7877fab0dabd39dbda8eb89d5742f67d2ed6c30b
SHA512 fffd51dd39c22ad1769738b578c636cd50a7ae3891c05062b9084a62a49be631fcb86e4d94b643fdbb01b7dfd75f37afea3745055f51a9b1ea767df5bf225060

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8dc11aad3124f0cc060dd9707a3748be
SHA1 30fa4b309cf6bf6c70f0bac8ace7f744eea5d9f0
SHA256 46194088413e51074256ec48be33f0f3e7b6f6e00e6dd28ec161842da072826e
SHA512 7e978c25837cec2f7b3ddcf2a76b247c89660e8ae77f65bfec7878d05493aa2b0213a1ab9a247ba6c045f7ab8fc97e696ca3d7531d503b3793482e8f3d1178b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6b1e66c732234791c64b9716ef149a4f
SHA1 4a7e2878936c6a417065dec2a6d0be3f2e6df1c6
SHA256 dff04ac74399f1b94276f461be404b8879125c5cef7fab23774558a76914e19d
SHA512 75049ea00069a07c60400c6aee186ae9b86a5e9463834ed97d7786c08c4040a3e621e6afb75fb50573afe689246ae3686a54edc50f468f1d45a8de17107fcb84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5f62fd703e4eb60623442640f8c2b121
SHA1 6710f4863a0941a8f29817e8e5d0d521c368e2aa
SHA256 da2d28028398f9010c163719bc2018907ec102ac44919b1c06282a3598c99063
SHA512 c506dd769cfbbe8eda8938722f258aa1b7289e8c2f8921720a65d844ee73c7a42f189ea95c9149c2116342e35783940f5858545926901d57a6d5433dfe468235

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dc381e68083fe0939860e986dd3f31bf
SHA1 507484bef1acf3be6020b1305968082f4ec91ef8
SHA256 09d5e281ffc25f2b36af712343b16f9bf9aaa31471a7d0cdb3b4fa32cbd35176
SHA512 43f17b8a29e49225da96c60bdc211a80906d2b5bc6deb7917f9231ab35565730323e23c196359c27e4f41edb87f8f1bddcda1fa8aecb02cdb0121705c34e0ab0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 148c1cd4008264d3896bf71bb391492d
SHA1 7ef38672b91218c33ed5c6ec163771cb4b693e35
SHA256 d5d410bbfdc90db7991197f429db77a55e38dc84de75320ec323c02bf6f5e461
SHA512 0bc66e6936b77f2fe5a874c43d988985e3b2b084c85a9aaa2c0ce0a8ab279ed4a736f96ca6f8d5275c0610e6f0b52400ebe34a7be918b8cedd1540666505efbc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 62c8de235bb0218ec7fadaacc6220e79
SHA1 8ba746b350fbaafaf0ba2ecf0a5fe77cd4b5314b
SHA256 3ae88de19b9e02671ac283aa78f36ca41229c647e3f901136b9f52966e1bc508
SHA512 c9b33900f0480fb9f13a946aaf9d90348be0452b59fbe6eae413d07d5caa8aa2fc874d16483b2cea2125eaf119af702116a081622aaefce9e5db3739a562d45f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0397696b0e43488b22c2abeeed0bd1d7
SHA1 e214ac27a79e45e91957dc13732f3fcc5a5fb9ed
SHA256 d2ed5f3a4f1b6e6137124c928c7c9a1088a44a680556ca1664c7d8f8a9f9c1ee
SHA512 41ff7a51fe39635061812a248f12595b751693c6643210fae54b8ec71b557a0228587dfbdde94ee40949a459c3df656864478a1eb7ea3c07c74533ae75d417d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1aa59d64bdfc9c6cb04405070dfa8b27
SHA1 7593c737e051ceff47fc8546cf1a243a6eaeb267
SHA256 8f20315ee413ea1ba2a5be090af218391938bb2581a39c3db503006cf45f32b1
SHA512 3e74fb040bdbd62a18f77efe2763cc839327736d9a70d3b9ff5c2544582df3c296c6eede749df26fc1b0bf08fcb68facca3f7eac8416d3d29ecc7d3d291c5307

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b557ed58fefd51d95f67f1926b8dbda7
SHA1 db97f608cb2f68c18671b671566e4c53dd9fef88
SHA256 af26cf222244253fd2f2abd38d6a07cb06e0b62a6c32d9233106b06dd1242a81
SHA512 b00aa1ec112e563a52a23453cae17da79847af057ca5417c9d449f5c042a56064cab65ca06f91711a7968cee42285f64f22a539965d9a479f7a138423d895534

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 52e8411690eb49827086f3cf9559ae2c
SHA1 79544343be1e2c517255de32190330a7c0d764af
SHA256 c08fa4cf7814f9fcae608f43714930f36c36c2af855163d5b7a5ed9c5a2e6bc7
SHA512 2c7acc2fd8942ae74bf02924ddce00201775c21875334a49e0b64ee341ec21b15623f431794a4fbce4fc8f8292310364f350eb9b7be7257a5cd5f9c0374f47ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d9b250bf41a27575d6d312ad6dd2caf2
SHA1 95cbb0607a67baf26e5f128cf9501680be256c71
SHA256 609ed546779a9a91aec7aba33b2192bd9ab2972aceab6a226029122d804d8be5
SHA512 06f353c9a2a5ebb2fde7c7262a735b9577776028a1ec34366bff68a988ea8c4f0c425ecccaea003961853a0d3581e71a62ef1b1f78f6b694c3e93dc2b6912bf4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1d346e17c6f868d13a922f05a4ccfc31
SHA1 eaa4ea4b4fa9d704b775492257a85c099d940aa3
SHA256 e5b9e75eb90bad9c839626b45860d5628026f20a26f3731c9db83a284547db01
SHA512 0a65743e67cda6ab25fed3e50545b462c0007c3b0a11ef8fe2adc66a8d94951d98c82ef22b2521d50ca91e485e10d996f820ca6aa36db154b0805b93272e2b90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0077a4268ba2defc6aa72b7357e41cfb
SHA1 85de67018710d8708af793063991c646f3016322
SHA256 29a671d1706e2f290d10091434efaf5e0bf15f23724e5d339667790d2d8c69c9
SHA512 a94e56acf53f85f0ba54199f52bc69027b9dcc74e3345950964add5c786753e9671527847189fdd973542f1e4d8be90fb971c7b59d02470156f47709656cd896

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5d6babac0f9263e16b92c02eed0be18
SHA1 c3785c47014a885a96e2e5e09d024612cecd123e
SHA256 2d2d158e555e0db93f1763376dfd7dc84187ab08ab1ce0876c9ce780ac6a073c
SHA512 ba4f47a78476e336946df393a3c002454741dbbfdbc1971dc302ca8ea305e674284f456de2405121139bbc2822274caa410316d2460661f438ac0bdfc3d32e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 40ca3668bbf27bfabe7ba8a0b3272e9d
SHA1 20ae252829d5346653a38d9038d38c58d53112b7
SHA256 f5a55d69a0de74a56bb4ae0d45766d7dab294807cb06b80df94b4d8785a0e9c5
SHA512 6e7534ca5d18252dbda0ff06b4b3e6f8e2b801db1a9fe9da651fd98718571a5bc239abb498717abb4f232633f677db44e58d26bda0810e6a6ba9cdaf9a6ab167

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4901cab4631e9606d1e8ebda0cb05d29
SHA1 bc7310b7c5114b481d018e59ce2bab0d5b2df290
SHA256 0171d02d7a548b3816dc33a9cdd4d7a5360ed8f5b05327daaf98b20619f03d8a
SHA512 833a31e70bd999801bfd7d83b74d687b1777c62998fa09511dc3a3e5f2b93642f5fcb32ddfdc880d92d7b69cce0cafd1892b632688d2293279e916185c4b2477

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 12b10973b58e3ca4403c99a3eba75fb2
SHA1 a36857e8c6b0374584ce4ba7facb9f6d769f7a92
SHA256 5659804baa5f2173d4a8dc0bb02ae77e72050677a3a27537a32b37465fc0acad
SHA512 cdadf861a34797683efc7913d2c131f8ba73a435b129ee6317915f7754b60ab9d99e048998c249975704e0b4059b9a8b3642196a0650e45bd32546d67e360ffc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2419a5f4f8908df165cd4c52b5bf4dca
SHA1 d22d752ce762f14d61080896ed22d5eebeac5d40
SHA256 67e85027c2d565f6e9dda90517a1f1751a60cae408bd7bf12127b28617de7fcf
SHA512 97fb0b9be18d30e6dcb4a2cc8f98e88ca1e63ace68d45fdf23b7ff28bfbff5f641feeeb955357558cfcbd3d5928e6474af187e99c04ba8a43cab2ec60d01693b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9144eb43d5e325c527b5b9994891d404
SHA1 09a6ff21e9600b76710563b92541378a070227fd
SHA256 42cf9b71a97b217889d4f03ccccb3d5ae7ea26228aea3106b1e89ba8cf7ba177
SHA512 7b8e90cace21dbb570950f401761739948ce20a8eae2d2ca51b970f819a4caca843edb454f92d117130ee6f6baa85aa5df97edf1a1b30a19fd5487734441d167

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7c66ab4da9e10719b4c7beb12bd46376
SHA1 e9f0667ef541cb27efd12933da804ed4cc23963c
SHA256 5318ba0b009a5acb8743efa966f9b8a58079d0c405c672ec6dd30bc90fb05a56
SHA512 7b5e6a9f9c3b59f1d8057b2da1d6e25ca102c8119000694df783efdfdc2b4f44e2172ab4998d985113303164f19c1cec013f15b1b752dfe588a256f34aa0265c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e6de64319685cde6b25291be28a37932
SHA1 88e404fa872e04c7625bfbc21bdd41e911b12269
SHA256 f355a77593de6b7d075ea020fc76ea350b034d2ca7ebfcc4c7e305ea18f522ab
SHA512 2c8f7ead3bc2e7d0800611f2201096122357bc6fcf3f2bc98d22e02f22ce1c5d9bed8eb7d318d13a34054a37838a764a3aac396848b36269b473a01b7a65c011

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4662ad65becc4f21f7d33d831dbc24b9
SHA1 67d755aea002570e17815277e6d316629b5fc1c6
SHA256 be2a28063dcad141db2a582b29b18afc20ca9efc99465afd6a4131292f903f84
SHA512 dda7ac756ae369b8e100506270cf8612e29deea102b7fa3ec6f38b5d3a843782a3553308c13d9599bec5e6126839faf0c6927c9d226c9f51356735009ed24a57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 00ab82667daed881df81c09d2d4534d9
SHA1 297b7b1fb96bad2b17f966da8610243b5f4c99af
SHA256 278fc1b09a2756b3b847abbda4d098d926f1167b85bc76f73a87281b0d6569b9
SHA512 d6868589d6719a47b72a4b886c18b6803659df00105052cdb74d71b853ba170bfa2769d2e065169d076dd5bba735d1ce020317b64e5a503d7d7a04c7e11c3378

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a5d79c0e5aee5722ac2b3b13c3ea5962
SHA1 b2b9233cac61c5d7a9041bd7353b83d21002d18d
SHA256 dd9cc1e575f751f80bfabba3c2ead0f2f9297d3395c81bc055837c7bb33d4a4a
SHA512 8df6b9c620ef14b1d1c20b785216ada5b7dc52e38f6343b98a129a10e76f41f3641e8a4095ba7f89bce00634ac9e2a951a9f334dc8dd9d3264ab8d765964fc51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7b1a517309a0c798bc4c3d72526f1a27
SHA1 3a2404a43aecc098aac9d2b428d91abdcd3ad718
SHA256 aaf6699939d32b7cf84ebb8fe0218adfd4903363eb6737d06816135ceaeaffa2
SHA512 4d0addd7d6e3395e0a3838e4361cacfd04973337d1ee28267ba65a5dcb08095eca76494535771538cc8487a764515605efec9051adf44cd3e851a161da4ec800

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8d5e58ea83587de399b74a9f1510e803
SHA1 66ad047180f8bc45c5732c59527af9606dc49aa6
SHA256 f77a58e5e91a68661f25ad8035be268d0a2186a501dd5c30ff4ac7ee1d753def
SHA512 d84648243175557991dfd68425ae627d6c74f03a4c4019d7b56ca6a2ff4e7f2682ba9f7a683af7ae83c6c2464cc255bad60189587323f20f256ad9a1ee3c9c1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9dfe68735f3e41a7983f06da67d4f24b
SHA1 9d71a6d44b52a85e32354682cdbf8cc09a085b2a
SHA256 acab907a128ce3be619d6219d633f7f4d104d7d12346ff56466670f83b092a4e
SHA512 5793802cb131e85fa9f86c3ac2784cf079ef742d6e4fb826e217ee961ce1b3bfe4fd1b12a4f2fad0bcd6972659bd8cba32d34f4f56ff46f441fabdbd0893701f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 06d37d7f7b4d2a03e6109be6f4f955cd
SHA1 2c296a3e970d7650365f22abf0aa5f51568f07a9
SHA256 749654da331b03e04ffaa72c62f8fb04a7420b6a86e8b5fbebf8547167ef1638
SHA512 bb96dd8a398218ef131152782d8520225926fb9e97a04620443a671382b4ee319744ebd633517d4458d4581ec02e1d0744a9397cf64ccc2161e15af45621393c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34e4f66faaeb0db1b28f0cc05e80ee73
SHA1 cc34d5e71fc9070a87b4926d24113fa67aec42cd
SHA256 6aa71371a4201fd24f76ae9b45dda6a5f49b5989c63c4aa0d6a5c2ea289af8e3
SHA512 9d8e0dde58cf0ed278fdf2d2462827a41a60035a0b5683e80027de5cb22f4ef8bec59eef4ac1f2295ea287f7ae3cc1cead5592087cf1a7af62c0a0be3363b1a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e8568102e0b4fbe000660b3064434571
SHA1 9fdbc924d8e3691510f628b29e5b81ae7ca70339
SHA256 bd2a692175fdad6aec1c272876c3db214778e24e262df264588b1f22a711ceb7
SHA512 13b15debbc75fb2e4224273a9f1328b5cefb40c47277a228f313dba57b780ce8bd6296a70aa34a8b92bb24b271d6f07b8d08b3c4996e55a572da441664a6e289

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 89449d4e085f1a14e2b99937d46ccf9a
SHA1 d16a4f2677997898830b36eeada054aca2e3bf46
SHA256 ee457005270392d0d6b7bbeff2bc3e4f41d024bb86c821b43d9f99503834ab18
SHA512 54e18986ce17580f1182f0a4d4ce60dd76295dff862b1daa8bb7edba69482bfd55efba92ac73b330cd0c733b1cd34ddb0b7a9d49a8a7c78c5e6fa587fdf4e562

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 06b9a839977ac3739995a400ae42b068
SHA1 2d1ac4f10c241e3a62f1929d5651a2b7d26baa7d
SHA256 970eb0abfc0db8b8d4272a1803ad0a1e24d2ba54badef2e4c5a72c822bd95899
SHA512 54c0636746fa7137dc96658c1b2fd2a862eb403db05ed3a2018730142ebd2fd8cc51ce4adbc9de59a4f1dce16510b1782aa526646f2d03ca68eea84bc9bf9d87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 53f388e1e6558323d6f7d778ed6a376d
SHA1 bbfd307c5fc1c5b076646d593089319dc5ad6dba
SHA256 4bdc942d98b26c34ae1d49a3eec28371cca1a93a2c467f569ccc897561052d32
SHA512 ca500cc97cb427f6bdf6cbfd6abd8e94182158e09127e6217923be327fbe2fb311ce403b36a2abbb21f81a3123678338fd9c0aae8fc51fd057e93266a69bd495

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 71c49ed91eb6aff19e693a19f5268e72
SHA1 f04f32dd16cf65295186934d8190d44df262b2a3
SHA256 cce77e37acc037a18a2f3cff21dd89fd221fd073a2711cde4adb2d465b06c822
SHA512 e3ee9dd6c6764e371fa5f716e1fc5d9a1223f830414267b2a2192e3eb115519031b18fd50423780dd9fce4a4949e48ac6ff89c02c1023e799914eafd7b7445a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 02c65b397ee5f7f73153de360ab3cd26
SHA1 05f693dedcd5800c87b1f0bc49173f365bff8e24
SHA256 97ba93db9368fa13cc638caa8b22e536b4e6f063cf83ed731452aa682a11ebfc
SHA512 c1ba66a9a8ed8c89517ee614cc04c689aead97d77766d0e706371e9bcb19e9c5bd31a62da22e98f649636098858fa3b89daf2b2c5ff3fbdae1ad6dc01ec8fe64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 12f14df8153adad022f580ab9fb4a43f
SHA1 2248f88020f824a2788450ac923f5599a780a688
SHA256 c7915237e48847f8e9a0d011e0a7a7df3744b2ad45e107e828d2d59f3c1bff7c
SHA512 570be492ffc53279758db091a73ccbed86f021bbffef8bf51f33dc999089e6743e5e422517d93ddc9394648caf23a0b1b312d4d3e618adf7d4f3b9a362922ce7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 344b568d3cdf1101103fbf8962030c85
SHA1 1dc548b373d1496ba3adf6793f508dc4df031c64
SHA256 a7b25fc191829caeb5a2c30caf7f9b02197f432fca106e5d738aa3d1408644e4
SHA512 408f3c9868c7cf7254ae927932f52d0091e494bf1e252fd2ec2652ee0acdd196c4e797116993f12a03069a60f1a8d3bb670e6e6fd4909795f9a6d8db204bc843

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c30c6267fc190aa726a3e501169d706a
SHA1 f277ce175a35a4253e56b00b61a1e792e08ef7f1
SHA256 b317f04f79a02bde74390669fc9ae6fa367e11d7e4dc77e8165a0685b73a47b5
SHA512 eb9c10aa8005e8ad1a2d22a1533dbf42335a1d8a1c035fae4c7f1020a13296e8357df1588e38a7cdbfea77c2b8bc355bdaacc69210340a870d1816732102cbe1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7ea008b3694cdff3bc49b7128117a672
SHA1 6f09959f3a737aefd3ad683baec79865e23d3477
SHA256 554f8c45d8dedeeee96e622a53f5e810b25d64f5d46de42c36adb48bc600dc5e
SHA512 673fa6e0f0c2e1585145aeba1c07e07adb2ad7e99f98305ee9a1484f87adaccce4add59d49b524751c67ca192f265188ec29d161003ab303857cfe0f78906e54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1d8e2970aba5828f423fec48da10da58
SHA1 4962d344b086cec3291de357358cb72b0189d798
SHA256 825670b28eba861ae6acdfa9058038b4ef5b96ebba049e59e651a8113e41ae62
SHA512 5fe900137a92d95bdcaa55c5c5250db25179078f5884701fb97e27142fd5d394f34177129dd243a1f472a47c222823d4ed7b5d89957967590d4c03248ea39461

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 787cd4996cc3e643ab8bb1d16d8ed56f
SHA1 2c4a4d40521c704775df67c4e1ace16cfd1fd902
SHA256 14e42f4b12357ae15b3a8698d80946ed03a524c18df7d72e889ec3a3b825911e
SHA512 1778e6a16730782a4b1279da2e5f1e0f6f0f22fbf72899dbabcebca6bfe1a59dd5228e476c7c3757f202886f1c6902b057ee209a69193d36140b66891113eedb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2eb1e2c7082bbe2aa6f3df9e6432871c
SHA1 a23a39b7ad07145493cbe63d9935965f3d59ba52
SHA256 37c8032a8f66537cb1a64c5dae3c8f903652843938f3786b33bef61f7b5a8ace
SHA512 edae42a6004bc35f5931ebaa944364cbbb5315823cba5d27a0a3234e0016e5169a7f731ad1b3c59fb531ab7ce1e829864efe5d42892e46d73bff9566429d426a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1b1ab4821efecbe34d384a9c8e16c002
SHA1 4c6b49f318cea8fbcfe6525dd0bc70a02a44fc9e
SHA256 aa978832a9a61d5fb6f89b9e85cb78ab95e7baee27bc7e4b8e03dd10a926930d
SHA512 b4434a07c3b42a744c18b8c6da40cda7b906a1ad1c27df331616cd7510d4a77643b515b29cdfd0743ed8a74b9b9ab767cdc326d13110709b7b8adefa88348ce2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 347037e0081e29ab9f98811ebbaa8319
SHA1 9256e34733d6c44233c13fa830ffcecee319f1d9
SHA256 b14c265af6e7624d5ef52f49fae8d341a0ed1419f29cf32a61a4f883858b5807
SHA512 1c2248e952314d8023fd3437c1907687709e73bbf277dc280fa1ad4d14142b3e89d58ee185676f4b243e44dff07fc5d64dc6caff98007b97e41dd6f17950ddca
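
The Files listing that ends above is a sequence of path lines, each followed by one MD5, SHA1, SHA256 and SHA512 line, and the same Chrome Preferences path recurs many times with different digests: the file was rewritten repeatedly during the run. Chromium rewrites Preferences, Local State and Network Persistent State on its own, so before any of these writes is attributed to the sample it is worth confirming which process performed them. The Python below is an added example, not part of the report or of any sandbox tooling: it parses the listing format, rejects digests of the wrong length so a truncated copy fails loudly instead of parsing silently, counts distinct versions per path, and marks entries that sit under a browser profile directory. The three entries in SAMPLE_LISTING are copied from the listing above; the list of profile-directory markers is this example's own assumption.

```python
"""Parse a Triage-style "Files" listing (path line followed by MD5/SHA1/SHA256/SHA512
lines) and show which paths were rewritten during the detonation."""
import re
from collections import defaultdict

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")

# Assumption of this example: files under these directories are normally written by
# the browser itself, so an entry here needs its writing process confirmed before
# the write is attributed to the sample.
BROWSER_PROFILE_MARKERS = (r"\Google\Chrome\User Data", r"\Microsoft\Edge\User Data")

# Constructed excerpt: three entries copied verbatim from the listing above.
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dc381e68083fe0939860e986dd3f31bf
SHA1 507484bef1acf3be6020b1305968082f4ec91ef8
SHA256 09d5e281ffc25f2b36af712343b16f9bf9aaa31471a7d0cdb3b4fa32cbd35176
SHA512 43f17b8a29e49225da96c60bdc211a80906d2b5bc6deb7917f9231ab35565730323e23c196359c27e4f41edb87f8f1bddcda1fa8aecb02cdb0121705c34e0ab0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 148c1cd4008264d3896bf71bb391492d
SHA1 7ef38672b91218c33ed5c6ec163771cb4b693e35
SHA256 d5d410bbfdc90db7991197f429db77a55e38dc84de75320ec323c02bf6f5e461
SHA512 0bc66e6936b77f2fe5a874c43d988985e3b2b084c85a9aaa2c0ce0a8ab279ed4a736f96ca6f8d5275c0610e6f0b52400ebe34a7be918b8cedd1540666505efbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0397696b0e43488b22c2abeeed0bd1d7
SHA1 e214ac27a79e45e91957dc13732f3fcc5a5fb9ed
SHA256 d2ed5f3a4f1b6e6137124c928c7c9a1088a44a680556ca1664c7d8f8a9f9c1ee
SHA512 41ff7a51fe39635061812a248f12595b751693c6643210fae54b8ec71b557a0228587dfbdde94ee40949a459c3df656864478a1eb7ea3c07c74533ae75d417d7
"""


def parse_files_listing(text):
    """Return a list of {'path': ..., 'MD5': ..., 'SHA1': ..., 'SHA256': ..., 'SHA512': ...}.

    Any non-blank line that is not a hash line starts a new entry. A digest of the
    wrong length, a hash line before any path, or an entry missing a digest raises
    ValueError so that a damaged copy of the listing is not half-parsed.
    """
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m is None:
            current = {"path": line}
            entries.append(current)
            continue
        if current is None:
            raise ValueError(f"hash line before any path: {line}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:
            raise ValueError(f"{algo} for {current['path']} has {len(digest)} hex "
                             f"chars, expected {HASH_LEN[algo]}")
        current[algo] = digest
    for e in entries:
        missing = [a for a in HASH_LEN if a not in e]
        if missing:
            raise ValueError(f"{e['path']} is missing {missing}")
    return entries


def distinct_versions(entries):
    """Map path -> number of distinct SHA256 values recorded for that path."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["path"]].add(e["SHA256"])
    return {path: len(digests) for path, digests in seen.items()}


def rewritten_paths(entries, min_versions=2):
    """Paths whose content was recorded in at least `min_versions` different states."""
    return sorted(p for p, n in distinct_versions(entries).items() if n >= min_versions)


def is_browser_profile_file(path):
    """True when the path lies under one of the browser profile directories above."""
    lowered = path.lower()
    return any(marker.lower() in lowered for marker in BROWSER_PROFILE_MARKERS)


if __name__ == "__main__":
    parsed = parse_files_listing(SAMPLE_LISTING)
    for path, n in sorted(distinct_versions(parsed).items()):
        tag = "browser-profile" if is_browser_profile_file(path) else "other"
        print(f"{n} version(s)  [{tag}]  {path}")
    print("rewritten during run:", rewritten_paths(parsed))
```

Run it against the full listing copied from the report and every path that shows more than one version is a file that changed during the detonation; the browser-profile tag is the reminder to check the writer before counting the write against the sample.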

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-03 17:54

Reported

2024-11-03 17:58

Platform

win11-20241007-en

Max time kernel

93s

Max time network

98s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Ebay_Cards.txt

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 5076 wrote to memory of 1168 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE
PID 5076 wrote to memory of 1168 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Ebay_Cards.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Danger\Data\Ebay_Cards.txt

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-03 17:54

Reported

2024-11-03 17:58

Platform

win11-20241007-en

Max time kernel

7s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Fortnite_Gift_Card.txt

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4140 wrote to memory of 3420 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE
PID 4140 wrote to memory of 3420 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Fortnite_Gift_Card.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Danger\Data\Fortnite_Gift_Card.txt

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-03 17:54

Reported

2024-11-03 17:58

Platform

win11-20241007-en

Max time kernel

7s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Roblox_Gift_Card.txt

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3044 wrote to memory of 5420 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE
PID 3044 wrote to memory of 5420 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Roblox_Gift_Card.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Danger\Data\Roblox_Gift_Card.txt

Network

N/A

Files

N/A
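
In behavioral6, behavioral7 and behavioral9 the detonated target is one of the .txt files extracted from Danger.rar, launched as `cmd /c <path>.txt`. Running `cmd /c` on a document path hands the file to its registered handler, which on this image is Notepad, so the "Opens file in notepad (likely ransom note)" hit is the sandbox's own launch of the submitted text file, not a note dropped by the sample. The "Suspicious use of WriteProcessMemory" rows are cmd.exe (PID 5076 in behavioral6) writing into the Notepad child (PID 1168) it is creating, which is what ordinary process creation looks like from a memory-write hook; the pattern that deserves attention is a write from a process that is not the target's parent. The Local Settings key under the user's Classes hive is created by the Windows shell and is not by itself a sign of tampering. The Network rows in behavioral6 are reverse lookups, with the queried IPv4 addresses written octet-reversed under in-addr.arpa. The Python below is an added example, not code from the report or from the sandbox: it encodes the behavioral6 tables as constructed data and re-derives each of these verdicts. The parent/child link between the two PIDs is inferred from the WriteProcessMemory row and the Notepad command line (the report does not state it directly), and the verdict labels are this example's own.

```python
"""Re-check the Notepad, WriteProcessMemory and PTR-lookup findings of the
behavioral6/7/9 runs against the process data given in the same report."""
import re

# Constructed from the behavioral6 tables above. PIDs are the ones in the
# WriteProcessMemory rows; ppid is an inference from that row and the NOTEPAD.EXE
# command line, not a field the report states.
SUBMITTED = r"cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Ebay_Cards.txt"
PROCESSES = [
    {"pid": 5076, "ppid": None, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": SUBMITTED},
    {"pid": 1168, "ppid": 5076, "image": r"C:\Windows\system32\NOTEPAD.EXE",
     "cmdline": r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Danger\Data\Ebay_Cards.txt'},
]
WPM_EVENTS = [(5076, 1168), (5076, 1168)]  # (writer pid, target pid), one per row
NETWORK = [("US", "8.8.8.8:53", "8.8.8.8.in-addr.arpa", "udp"),
           ("US", "8.8.8.8:53", "29.243.111.52.in-addr.arpa", "udp")]

CMD_C = re.compile(r'^\S*cmd(?:\.exe)?"?\s+/c\s+(.+?)\s*$', re.IGNORECASE)
ARG = re.compile(r'"([^"]*)"|(\S+)')
PTR_SUFFIX = ".in-addr.arpa"


def cmd_c_target(cmdline):
    """Document or program that `cmd /c` was asked to run, without surrounding quotes."""
    m = CMD_C.match(cmdline)
    return m.group(1).strip('"') if m else None


def last_argument(cmdline):
    """Final argument of a Windows command line, honouring double quotes."""
    toks = [quoted or bare for quoted, bare in ARG.findall(cmdline)]
    return toks[-1] if len(toks) > 1 else None


def assess_notepad(processes, submitted_cmdline):
    """For each NOTEPAD.EXE: 'benign' if it opened exactly the document that the
    detonation command handed to cmd /c (a file-association launch), else 'review'."""
    submitted = (cmd_c_target(submitted_cmdline) or "").lower()
    procs = {p["pid"]: p for p in processes}
    results = []
    for p in processes:
        if not p["image"].lower().endswith(r"\notepad.exe"):
            continue
        opened = (last_argument(p["cmdline"]) or "").lower()
        parent = procs.get(p["ppid"])
        parent_target = (cmd_c_target(parent["cmdline"]) or "").lower() if parent else ""
        if submitted and opened == submitted == parent_target:
            results.append({"pid": p["pid"], "verdict": "benign",
                            "reason": "opened the submitted document via its file association"})
        else:
            results.append({"pid": p["pid"], "verdict": "review",
                            "reason": f"opened {opened or '?'}, not the submitted document"})
    return results


def assess_write_process_memory(events, processes):
    """A parent writing into the child it is creating is what CreateProcess does;
    a write from any other process is the case worth reviewing."""
    procs = {p["pid"]: p for p in processes}
    verdicts = []
    for writer, target in events:
        t = procs.get(target)
        verdicts.append((writer, target, "expected" if t and t["ppid"] == writer else "review"))
    return verdicts


def ptr_to_ip(name):
    """'29.243.111.52.in-addr.arpa' -> '52.111.243.29'; None if not an IPv4 PTR name."""
    if not name.lower().endswith(PTR_SUFFIX):
        return None
    octets = name[:-len(PTR_SUFFIX)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))


def resolve_ptr_rows(rows):
    """(domain, queried IP) for each Network row, so the PTR names read as addresses."""
    return [(dom, ptr_to_ip(dom)) for _, _, dom, _ in rows]


if __name__ == "__main__":
    for r in assess_notepad(PROCESSES, SUBMITTED):
        print(f"notepad pid {r['pid']}: {r['verdict']} ({r['reason']})")
    for writer, target, v in assess_write_process_memory(WPM_EVENTS, PROCESSES):
        print(f"WriteProcessMemory {writer} -> {target}: {v}")
    for dom, ip in resolve_ptr_rows(NETWORK):
        print(f"PTR {dom} = {ip}")
```

The same checks apply unchanged to behavioral7 (PIDs 4140 and 3420, Fortnite_Gift_Card.txt) and behavioral9 (PIDs 3044 and 5420, Roblox_Gift_Card.txt) by swapping the constructed data; a Notepad instance that opens a file other than the submitted one, or a memory write from a non-parent, is what would keep either signature worth a second look.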